Re: Apache and perl CGI



Perl has a "taint" mode (add switch "-T" to the command line or shebang line, as in "#!/usr/bin/perl -T"). The taint mode, I think, prevents user input from being used in unsafe operations until it is filtered by a regular expression.

Taint mode is not as comprehensive as PHP's safe mode. Type "perldoc perlsec" on the command line for a good tutorial on security in Perl.

Perl also does not have a built-in "mail" function.

For timing out an HTTP request, see Apache's "Timeout" directive.

HTH

Bogart

On Dec 2, 2007, at 5:03 PM, Misko wrote:

I am starting creating pages with perl and have some question.
I want to know if perl has something similar to PHPs safe mode.
Especialy if there are some limitation for how long script can run
(PHP has usually 30 second limit) and if perl can have disabled
some features (as fsocketopen() and mail() in PHP)?

Thanks,
Misko


--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx



--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx



Relevant Pages