Matt Sergeant wrote:
> All CGI scripts, no matter what language they are written in, can be
> insecure. There's no need to discuss this here [snip]
The original question, though, was whether embperl is *inherently* less secure
than some other strategies. I am no security expert, but some of the exploits
that were tried (unsuccessfully) by this cracker did in fact rely on whether
server-side includes and/or embedded Perl were active. Now, I am not saying
that directory permissions ought not to be correct and so on, but *supposing*
that there were some oversight in this area, *then* it seems to me the fact
that ssi or embperl was active *would* increase the chances of crackability.
So, a more complete answer to Ruben would address those concerns. Perhaps they
are already addressed elsewhere, in which case I apologize for this post. I do
not use embperl or ssi, so I disqualify myself from further comment.
