On Sun, 10 Jun 2001, Burt Humburg wrote:

> Just installed Perl on a Linux box yesterday and I'm eager to get started...
>
> Is there a shareware/freeware Perl development environment? (As in comments
> are this color, constants are that color, a real-time debugger, etc?)

I suggest Emacs or XEmacs here. There might be some IDEs on Windows,
which might be more familiar to you, but I have to admit I never checked
one out.

>
> Is there a module/include/header that parses CGI input and sticks it into
> known variables?

Well - there's the do-it-all CGI.pm (perldoc CGI), which should come
pre-installed. If you want a more lightweight solution, you can give
CGI::Lite a try.

> How do I set Perl up to avoid security blunders? (I know there's a way of
> setting up a CGI-bin so that anyone can pass the OS commands as root, but I
> don't know how to avoid it.)

I guess you're referring to the famous perl.exe in cgi-bin problem on
Windows. That should be fairly easy to avoid. Just don't do it. :-)

Apart from that, most security risks originate from the scripts
themselves. Always develop using "use strict" and the -w flag for
warnings, so that you avoid undeclared variables. Also avoid passing
unchecked input to the system or using unchecked input for filenames.
There's a feature available, called tainting, which will help you locate
such misbehaviour. Use the -T switch for that. And read the perlsec
manpage for further information.


-- 
Markus Peter - SPiN AG
[EMAIL PROTECTED]
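
A short sketch of the strict, warnings and taint-mode advice in the reply above, added here as an example and not part of the original message. The directory `/var/log/myapp`, the helper `clean_filename` and the sample inputs after `__DATA__` are constructed for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T the environment is tainted too: set a known PATH and drop the
# shell-related variables perlsec lists before running any external command.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $LOG_DIR = '/var/log/myapp';    # hypothetical directory for this example

# Return an untainted bare filename, or nothing if the input is unacceptable.
# Only a regex capture clears the taint flag, so the pattern is an allow-list:
# no slashes, no leading dot or dash, at most 64 characters.
sub clean_filename {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return;
}

# Constructed inputs (after __DATA__) stand in for a CGI "file" parameter;
# data read from a filehandle is tainted, like real request input.
while (my $raw = <DATA>) {
    chomp $raw;
    my $name = clean_filename($raw);
    if (!defined $name) {
        printf "%-20s rejected (tainted: %s)\n", "'$raw'", tainted($raw) ? 'yes' : 'no';
        next;
    }
    my $path = "$LOG_DIR/$name";
    printf "%-20s accepted -> %s (tainted: %s)\n", "'$raw'", $path, tainted($path) ? 'yes' : 'no';
    # List-form system() runs wc directly, with no shell to interpret metacharacters.
    system('/usr/bin/wc', '-l', $path) if -f $path;
}

__DATA__
access.log
../../etc/passwd
report.txt; id
-rf
```

Run it as `perl -T script.pl` (or make it executable so the `#!` line applies), since Perl refuses a `-T` that appears only on the `#!` line when the script is started as `perl script.pl`.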

