Web Design::Perl::Input Validation

Writing secure forms & scripts. Prevent your script from getting hacked!
ASPN : Rx Cookbook : Removing dangerous characters from CGI forms
From: http://aspn.activestate.com/ASPN/Cookbook/Rx/Recipe/65124
When you write a CGI script, you should be conscious of the content of any user-supplied data your script processes. Malicious users can insert special control characters into form data to cause various nasty things to happen inside your server.

One simple way to "sanitize" user data is to filter out any characters in the data which are not within a set of allowed characters, as this example shows.
$_ = $user_data = $ENV{'QUERY_STRING'}; # Get the data
print "$user_data\n";
$OK_CHARS='-a-zA-Z0-9_.@'; # A restrictive list, which
# should be modified to match
# an appropriate RFC, for example.
$user_data = $_;
print "$user_data\n";

This example came from CERTŪ Coordination Center at Carnegie Mellon
University (http://www.cert.org/tech_tips/cgi_metacharacters.html).


Post a Comment

Links to this post:

Create a Link

<< Home