
Vulnerable CGI Scripts • Chapter 4 155
script, or a form may have an option button or a check box that offers a
choice that isn’t supported by the script. For this reason, code in your
CGI script should recognize bad information and ignore it.
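
An added example (not code from the book) of the check described above: a Python CGI handler that accepts only the choices the script supports and ignores everything else. The field names, allowed values and the 1024-byte cap are assumptions made for illustration.

```python
import os
from urllib.parse import parse_qs

# Hypothetical form: field names and the only choices this script supports.
ALLOWED = {
    "size": {"small", "medium", "large"},   # option buttons: one value
    "extras": {"giftwrap", "express"},      # check boxes: may repeat
}
MULTI = {"extras"}
MAX_QUERY_BYTES = 1024  # assumed cap, in line with the ~1 KB GET figure


def clean_form(query_string):
    """Return (accepted, rejected); accepted holds only supported values."""
    if len(query_string.encode("utf-8", "replace")) > MAX_QUERY_BYTES:
        return {}, ["<query too long>"]
    accepted, rejected = {}, []
    fields = parse_qs(query_string, keep_blank_values=True)
    for name, values in fields.items():
        allowed = ALLOWED.get(name)
        if allowed is None:              # field the form never offered
            rejected.append(name)
            continue
        good = [v for v in values if v in allowed]
        rejected.extend(f"{name}={v}" for v in values if v not in allowed)
        if name in MULTI:
            if good:
                accepted[name] = sorted(set(good))
        elif len(values) > 1:            # option button sent more than once
            rejected.append(f"{name} (repeated)")
        elif good:
            accepted[name] = good[0]
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample request; a real CGI run gets QUERY_STRING from the server.
    sample = "size=large&extras=express&extras=free_upgrade&admin=1"
    accepted, rejected = clean_form(os.environ.get("QUERY_STRING", sample))
    print("Content-Type: text/plain\n")
    print("accepted:", accepted)   # only these values reach the rest of the script
    print("ignored:", len(rejected), "item(s)")
```
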
Don’t use GET to send sensitive data. If the GET method is used, you
won’t have to worry about setting limits, as this method is self-limiting.
The GET method will only deliver about a kilobyte of data to a script.
In addition, a Web server can automatically limit the size of data placed
into the QUERY_STRING environment variable, which is how the GET
method passes data to a CGI script. However, if the ...