On Mon, May 06, 2002 at 10:53:47AM +0200, Oskar Andreasson wrote:
> 4. Everything so far is written in BASH script CGI's. Will anyone in the core team
> object to this? I could redo the code in C, but it would require quite some time on
> my hands unfortunately...

I tend to think of shell script cgi's as extremely dangerous. You're working with a program whose primary purpose is to execute commands entered. You're writing a program whose primary task is to validate input and perform tasks for unprivileged users who may be malicious. Somehow these two things seem incompatible to me.

C works but perl is generally easier to write secure CGI code with because you can use its taint mode to force you to validate input. Additionally perl isn't really vulnerable to buffer overflows in your code (though any libraries or perl itself could still be).

But that's just my 2 pieces of your favorite currency.

-- 
Ben Reser <[EMAIL PROTECTED]>
http://ben.reser.org

We tend to see all wars through the lens of the current conflict, and we mine history for lessons convenient to the present purpose. - Brian Hayes
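
A sketch of the taint-mode workflow the reply refers to, added here as an example and not code from the thread or from the project under discussion. The `user` query parameter and the call to `/usr/bin/id` are assumptions chosen only for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the original thread). With -T, everything that comes
# from outside the program (environment, query string, stdin) is marked tainted
# and Perl aborts if such data reaches a shell, exec, or file-modifying call.
use strict;
use warnings;

# Taint mode refuses to run external programs with an inherited environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Pull one parameter out of the query string. split() keeps the taint flag;
# a regex capture here would silently clear it, so it is avoided on purpose.
sub raw_param {
    my ($want) = @_;
    my $qs = defined $ENV{QUERY_STRING} ? $ENV{QUERY_STRING} : '';
    for my $pair (split /&/, $qs) {
        my ($key, $value) = split /=/, $pair, 2;
        return $value if defined $key && $key eq $want;
    }
    return undef;
}

# Allow-list validation. Capturing from an anchored pattern is the deliberate
# untaint step; percent-encoded or otherwise unexpected input is rejected.
sub untaint_user {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([a-z_][a-z0-9_-]{0,31})\z/ ? $1 : undef;
}

my $user = untaint_user(raw_param('user'));   # hypothetical parameter name

unless (defined $user) {
    print "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n";
    print "invalid user name\n";
    exit 0;
}

print "Content-Type: text/plain\r\n\r\n";
# List-form pipe open: no shell is started, so metacharacters are never parsed.
open(my $fh, '-|', '/usr/bin/id', '--', $user)
    or die "cannot run id: $!";
print while <$fh>;
close $fh;
```

If the `untaint_user` call is removed and the raw value is passed to `open`, Perl stops with an "Insecure dependency" error instead of running the command, which is the forcing function the reply describes.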