Re: [PBML] Explore Perl by an example
- Mar 23, 2004
From: "Dieter Werner" <hdw@...>
> You are very right in a lot of things, but nobody will bring me to the
> use of this 'monster' cgi.pm when I have to maintain a big number of
> clients (at the same time) and to take care of the CPU resources.

CGI.pm is not as big a memory hog as it may seem. Most of the code is
not compiled if not used. If you still think it's too big try

> Please, nevermore write publically that my code is insecure - or just
> prove it!
> There is a demo running at
> everybody is allowed to hack this program in order to prove how
> insecure it is!

Your app doesn't seem to be in that great a shape anymore.
I guess you'll find some files missing.
I did not expect that the app will hang then though. All I wanted to
do was to delete the data about the items.
You are right that the eval""s in your code are safe. (At least I do
believe they are.)
You forgot to check other things though. Ever tried this?
    my $filename = "some_file.exe\0";
    open OUT, "> $filename.txt" or die "can't create: $!\n";
Too bad ...
P.S.: Now at last I can call myself a hacker in the media meaning.
But you can't say you did not ask for it.
===== Jenda@... === http://Jenda.Krynicky.cz =====
When it comes to wine, women and song, wizards are allowed
to get drunk and croon as much as they like.
-- Terry Pratchett in Sourcery
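
An added example, not part of the original message: one way to reject the NUL-terminated name shown above before it reaches open. The helper name checked_name, the allow-list pattern, the scratch directory and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper (an assumption, not code from the thread): accept a
# client-supplied base name only if it matches a strict allow-list.
sub checked_name {
    my ($name) = @_;
    return unless defined $name && length $name;
    # A NUL ends the string at the C layer, so "x.exe\0" . ".txt" can be
    # created as "x.exe" when the name is handed to the OS unchecked.
    return if $name =~ /\0/;
    # Letters, digits, dot, underscore, hyphen; no leading dot. This also
    # rejects "/", "\", "|", ">" and whitespace. \z (not $) so that a
    # trailing newline does not slip through.
    return unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9._-]{0,63}\z/;
    return $name;
}

my $dir = tempdir(CLEANUP => 1);    # scratch directory for the demo

# Constructed sample inputs; the second is the name from the message above.
my @samples = ("report", "some_file.exe\0", "../../etc/passwd", "| id", "a b\n");

for my $raw (@samples) {
    # Show non-printable bytes as \xNN so the NUL is visible in the output.
    (my $shown = $raw) =~ s/([^ -~])/sprintf('\\x%02x', ord $1)/ge;
    my $name = checked_name($raw);
    if (!defined $name) {
        print "rejected: '$shown'\n";
        next;
    }
    my $path = File::Spec->catfile($dir, "$name.txt");
    # Three-argument open keeps the mode out of the file name, unlike
    # open OUT, "> $filename.txt".
    open(my $out, '>', $path) or die "can't create $path: $!\n";
    close($out) or die "can't close $path: $!\n";
    print "created:  '$shown' as $name.txt\n";
}
```

Only "report" passes the check; the other four names are rejected before any file is opened.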