On Tue, 12 Oct 1999, Ruben I Safir wrote:
> Dear Boss
> 
> Thanks for pointing this article from PC Week out.  
> 
> I've already read and reviewed this, and discussed it with the hacker
> after it was announced 3 weeks ago on http://slashdot.org.
> The hacker attacked a shrink wrapped CGI application with a documented
> hackers weakness that has been passed around the net.
> 
> See: http://slashdot.org/articles/99/09/24/1224221.shtml 
> 
> Note this discussion below which has been reviewed.  Please review it as
> well so that everyone is fully versed in the details of network security.
> 
> I'm wondering if anyone else has comments on this.  How secure is CGI.pm
> and EMBPERL?

All CGI scripts, no matter what language they are written in, can be
insecure. There's no need to discuss this here - simply read the CERT's CGI
script security document. If you haven't read it and followed its
precautions (which the developers of the photoads script obviously didn't)
then you shouldn't be developing secure web sites. There's really nothing
further to discuss.

--
<Matt/>

Details: FastNet Software Ltd - XML, Perl, Databases.
Tagline: High Performance Web Solutions
Web Sites: http://come.to/fastnet http://sergeant.org
Available for Consultancy, Contracts and Training.
