
18401 Re: [PBML] Explore Perl by an example

  • Jenda Krynicky
    Mar 23, 2004
      From: "Dieter Werner" <hdw@...>
      > You are very right in a lot of things, but nobody will bring me to the
      > use of this 'monster' cgi.pm when I have to maintain a big number of
      > clients (at the same time) and to take care of the CPU resources.

      CGI.pm is not as big a memory hog as it may seem. Most of the code is
      not compiled if not used. If you still think it's too big, try
      CGI::Lite.

      > Please, nevermore write publically that my code is insecure - or just
      > prove it!
      >
      > There is a demo running at
      > http://www.everyscript.de/eAuction.html
      > everybody is allowed to hack this program in order to prove how
      > insecure it is!

      Your app doesn't seem to be in that great a shape anymore.
      I guess you'll find some files missing.
      I did not expect that the app would hang then, though. All I wanted to
      do was to delete the data about the items.


      You are right that the eval""s in your code are safe. (At least I do
      believe they are.)

      You forgot to check other things though. Ever tried this?

      my $filename = "some_file.exe\0";
      open OUT, "> $filename.txt" or die "can't create: $!\n";

      Too bad ...

      Jenda
      P.S.: Now at last I can call myself a hacker in the media meaning.
      But you can't say you did not ask for it.
      ===== Jenda@... === http://Jenda.Krynicky.cz =====
      When it comes to wine, women and song, wizards are allowed
      to get drunk and croon as much as they like.
      -- Terry Pratchett in Sourcery
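
The check that the snippet in the message above shows to be missing, as an added example that is not part of the original post or of the eAuction code: a Perl string can hold a NUL byte while the operating system treats it as the end of a path, so appending ".txt" does not constrain which file gets created. The helper names `safe_basename` and `create_txt` and the allow-list pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: validate a client-supplied file name before building a path.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper: return the name if it is a plain base name, else undef.
sub safe_basename {
    my ($name) = @_;
    return unless defined $name && length $name;
    # Allow-list instead of a deny-list: anything outside these characters
    # (NUL, slash, backslash, space, '>', '|', newline ...) fails the match.
    # \A and \z anchor the whole string; '$' would tolerate a trailing newline.
    return unless $name =~ /\A[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\z/;
    return if $name =~ /\.\./;    # no parent-directory sequences
    return $name;
}

# Hypothetical helper: create "$dir/<name>.txt" only for a validated name.
sub create_txt {
    my ($dir, $name) = @_;
    my $base = safe_basename($name);
    die "rejected file name\n" unless defined $base;
    my $path = "$dir/$base.txt";
    # Three-argument open keeps the mode separate from the path, so the
    # path can never be read as a mode or a pipe.
    open(my $out, '>', $path) or die "can't create $path: $!\n";
    close $out;
    return $path;
}

# Constructed sample inputs, including the one from the message above.
my $dir = tempdir(CLEANUP => 1);
for my $candidate ("report", "some_file.exe\0", "../../etc/passwd",
                   "> x", "a.b-c_1", "name\n") {
    (my $shown = $candidate) =~ s/([^\x20-\x7e])/sprintf '\\x%02x', ord $1/ge;
    my $path = eval { create_txt($dir, $candidate) };
    printf "%-22s %s\n", $shown, defined($path) ? "created" : "rejected";
}
```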