when is secure, secure?

Lo everyone,
I wrote a custom authentication handler for PureFTPD, using a combination of
authentication methods, for about 4 different types of users.
So far, from testing it, it does look to work properly, and does its job
pretty well (and fast).  I use #!/usr/bin/perl -W as well as use Strict, and
use warnings, and the code returns no errors or warnings when run.
I am right to presume that this basically only really tells me that my syntax
and structure of the application is right?  What's a good way to see whether
it is actually SECURE... There are a couple of lines of code that I have my
reservations about and am thus not 100% happy with the script...

--
me
savage
4/17/2003 6:56:01 PM

> I am right to presume that this basically only really tells me the my syntax
> and structure of the application is right?  What's a good way to see whether
> it is actually SECURE... There is a couple of lines of code that I have my
> reservations about and am thus not 100% happy with the script...

Read up on "taint mode".
Luke
4/17/2003 6:58:09 PM
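
An added example (not code from any poster in this thread) of what taint mode checks that `-W`, `use strict` and `use warnings` do not: data from outside the program is refused as a filename until it has passed an allow-list regex. The variable name `AUTHD_ACCOUNT` (how pure-ftpd's external auth daemon is assumed to pass the login name) and the directory `/var/log/ftpauth` are assumptions for illustration.

```perl
#!/usr/bin/perl -T
# Run as: AUTHD_ACCOUNT='../../etc/passwd' perl -T taint_demo.pl   (constructed input)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T the inherited environment is tainted too; pin what child processes would see.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumption: the login name arrives in AUTHD_ACCOUNT from the FTP server.
my $raw = $ENV{AUTHD_ACCOUNT};
$raw = '' unless defined $raw;

my $LOG_DIR = '/var/log/ftpauth';    # hypothetical per-user log directory

# Try to append to a per-user log; return a status string instead of dying.
sub try_log {
    my ($name) = @_;
    my $ok = eval {
        open(my $fh, '>>', "$LOG_DIR/$name.log") or die "open failed: $!\n";
        close $fh;
        1;
    };
    return 'allowed' if $ok;
    my $err = $@;
    chomp $err;
    return "refused ($err)";
}

# Allow-list untaint: only a regex capture yields clean data, so the pattern
# must describe exactly what a valid account name looks like.
sub untaint_user {
    my ($name) = @_;
    return $name =~ /\A([a-z][a-z0-9_-]{0,31})\z/ ? $1 : undef;
}

printf "raw name tainted: %s\n", tainted($raw) ? 'yes' : 'no';
print  "raw name as filename: ", try_log($raw), "\n";

my $user = untaint_user($raw);
if (defined $user) {
    print "clean name '$user' as filename: ", try_log($user), "\n";
} else {
    print "name rejected by allow-list; the handler should deny the login\n";
}
```

With the constructed input above, the raw name is reported as tainted and the `open` dies with an "Insecure dependency" error; a name such as `alice` passes the allow-list and is then limited only by ordinary file permissions.
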
Try reading perlsec
And try this CGI course, that's based on security
http://users.easystreet.com/ovid/cgi_course/index.html
I'm not so good at security, but this course gave me a very good overview of
what I could be letting away.
-rm-
ramon
4/17/2003 9:53:40 PM