[Date Prev]   [Date Next] [Thread Prev]   [Thread Next] [Date Index]   [Thread Index]


     Re: [nocol-users] security problems with webnocol.cgi,genweb.pl,notifier.pl, etc.

	Those interested in securing code, perl or otherwise, might
	find useful links at http://www.shmoo.com/securecode/. For
	perl specifically the perlsec man page is worth a read.


Steve Thrasher wrote:
> If I may make a quick suggestion - as for tightening things up a bit for
> security purposes.  It's always a good idea to use proven methods rather
> than make things up as we go.  I have found that majordomo has done a pretty
> good job in the security arena.  Of course there are always issues but
> overall it's not bad.  Maybe you could borrow some of their strategies that
> seem to work pretty good.  For example, their permission scheme is pretty
> tight.  Not bullet proof but well done.
> My $0.02 for what it's worth.
> ---
> Steve Thrasher
> Technology Director, UZIX
> http://www.uzix.com/
> Keeping the simple, simple,
> Making the difficult easy,
> and automating the near impossible.