Phoenix.pm: New meeting place

Mark A. Sharkey mark at wcws.com
Thu Sep 2 16:12:57 CDT 1999


I'm very interested in this thread.  However, I don't have
the time to become 'one' with the manual, David. ;-)

What exactly is the 'major security risk'?  Can someone
explain it in basic terms?

Also, does the same risk hold true for the way my company is
currently doing it (with the foreach routine below)?

Thanks.



jim wrote:
> 
> > \_ my $q=new CGI;
> > \_ foreach ($q->param()) {
> > \_  ${$_} = $q->param($_);
> > \_ }
> >
> > Is it just me, or does this replicate the effort of
> >
> > $q->import_names('main');
> >
> Ooops! Red flag..
> 
> The CGI Docs warn that importing into 'main' is a "major security risk"
> $q->import_names('q'); is recommended...
> that gives you $q::field1, $q::field2..etc..
> thought it was worth mentioning.. ;-)
> 
> Jim M.


-- 
******* PLEASE NOTE *******
Our area code has changed!
******* PLEASE NOTE *******

Mark A. Sharkey
World Class Web Sites
mark at wcws.com
800 844 4434 (toll free)
480 461 9765 (local)
480 461 9312 (fax)
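
An added illustration, not part of the original thread, of the risk asked about above: when every submitted field name becomes a variable in `main`, a field the form never contained can overwrite one of the script's own package globals. The `%param` hash is constructed sample input standing in for `$q->param()`, and `$is_admin` and both subroutine names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed request parameters, standing in for what $q->param() returns.
# The client added one field the form never contained: is_admin.
my %param = (name => 'mark', is_admin => 1);

# A package global in main that the script itself relies on (hypothetical).
# Lexical "my" variables are not reachable through symbolic references;
# package globals like this one are.
our $is_admin = 0;

# The pattern from the thread: each field name becomes a variable in main.
sub import_into_main {
    no strict 'refs';
    for my $field (keys %param) {
        ${"main::$field"} = $param{$field};
    }
}

# The namespaced variant: the same fields, confined to package q, which is
# the effect of the import_names('q') advice quoted in the thread.
sub import_into_q {
    no strict 'refs';
    for my $field (keys %param) {
        next unless $field =~ /^\w+$/;   # plain identifiers only
        ${"q::$field"} = $param{$field};
    }
}

import_into_main();
print "imported into main: is_admin=$is_admin\n";   # script's flag overwritten

$is_admin = 0;                                      # reset for the comparison
import_into_q();
{
    no warnings 'once';
    print "imported into q:    is_admin=$is_admin, q::is_admin=$q::is_admin\n";
}
```

In the second case the submitted value is still available as `$q::is_admin`, but the script's own `$is_admin` keeps the value the script gave it.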


