[kw-pm] kw-pm Digest, Vol 84, Issue 4

Nick Dumas nick.dumas at gmail.com
Mon Jul 26 12:55:27 PDT 2010


On Mon, Jul 19, 2010 at 9:35 AM, Robert Pike <roberthpike at yahoo.com> wrote:
> When creating a CGI app (in Perl), what procedures and/or modules do you find useful when validating and/or removing
> anything harmful from a query? I'm using the CGI module currently, is there anything additional that can be added that will
> help with security issues and such? Any input would be appreciated. Thanks.

In addition to the technical means, you should avoid thinking of it in
terms of "removing harmful things".
Instead, take the point of view of accepting only known good values.

It is much easier to add functionality you know than to remove
vulnerabilities you don't know. :)

 - Nick
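
The "accept only known good values" approach above, sketched with the CGI module as an added example (not part of the original thread): every expected parameter gets an explicit rule, and anything that does not match is rejected rather than cleaned up. The parameter names, rules and sample query strings are hypothetical and constructed for illustration; `multi_param` assumes CGI.pm 4.08 or later.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Allowlist (hypothetical): each parameter the script accepts, with the
# only shape a valid value may have. Anchors are added at match time.
my %ALLOWED = (
    action => qr/view|edit|list/,
    id     => qr/[0-9]{1,9}/,
    name   => qr/[A-Za-z][A-Za-z0-9_ -]{0,31}/,
);

# Returns (\%clean, \@errors). A value is copied into %clean only if it
# matches its rule in full; nothing is repaired or stripped.
sub validate_query {
    my ($q) = @_;
    my (%clean, @errors);
    for my $p (sort keys %ALLOWED) {
        my @v = $q->multi_param($p);
        # \A...\z, not ^...$: "$" would also accept a trailing newline.
        # Taking the value from the capture also untaints it under -T.
        if    (@v == 0) { push @errors, "$p: missing" }
        elsif (@v > 1)  { push @errors, "$p: repeated" }
        elsif ($v[0] =~ /\A($ALLOWED{$p})\z/) { $clean{$p} = $1 }
        else            { push @errors, "$p: rejected" }
    }
    # Parameters not on the list are errors; their names and values are
    # counted but never echoed back into the response or the log.
    my $unknown = grep { !exists $ALLOWED{$_} } $q->param;
    push @errors, "$unknown unexpected parameter(s)" if $unknown;
    return (\%clean, \@errors);
}

# Constructed sample query strings: one well-formed, one not.
for my $qs ('action=view&id=42&name=Alice',
            'action=delete&id=12x&name=Bob%0A&debug=1') {
    my ($clean, $errors) = validate_query(CGI->new($qs));
    print "query: $qs\n";
    if (@$errors) {
        print "  reject $_\n" for @$errors;
    } else {
        print "  accept $_=$clean->{$_}\n" for sort keys %$clean;
    }
}
```

The rest of the script should read only from the returned `%clean` hash, so that a parameter without a rule can never reach application code.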

