Writing a Safe CGI Program
Problem
Because CGI programs allow external users to run programs on systems they would not otherwise have access on, all CGI programs represent a potential security risk. You want to minimize your exposure.
Solution
Use taint mode (the -T switch on the #! line).
Don’t blindly untaint data. (See below.)
Sanity-check everything, including all form widget return values, even hidden widgets or values generated by JavaScript code. Many people naïvely assume that just because they tell JavaScript to check the form’s values before the form is submitted, the form’s values will actually be checked. Not at all! The user can trivially circumvent this by disabling JavaScript in their browser, by downloading the form and altering the JavaScript, or quit by talking HTTP without a browser using any of the examples in Chapter 20.
Check return conditions from system calls.
Be conscious of race conditions (described below).
Run with -w and
use
strict
to make sure Perl isn’t assuming things incorrectly.Don’t run anything setuid unless you absolutely must. If you must, think about running setgid instead if you can. Certainly avoid setuid root at all costs. If you must run setuid or setgid, use a wrapper unless Perl is convinced your system has secure setuid scripts and you know what this means.
Always encode login passwords, credit card numbers, social security numbers, and anything else you’d not care to read pasted across the front page of your local newspaper. Use a secure ...
Get Perl Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.