Taint Mode in Perl: Unterschied zwischen den Versionen
Aus Markus' Wiki
Markus (Diskussion | Beiträge) |
Markus (Diskussion | Beiträge) |
||
| Zeile 6: | Zeile 6: | ||
$dbh->TaintIn = 1; | $dbh->TaintIn = 1; | ||
$dbh->execute("SELECT * FROM users WHERE name = '$name';"); # Execute a SQL query | $dbh->execute("SELECT * FROM users WHERE name = '$name';"); # Execute a SQL query | ||
| − | |||
Good Links: | Good Links: | ||
| Zeile 14: | Zeile 13: | ||
* http://www.linux-praxis.de/lpic2/lpi201/perl3.html | * http://www.linux-praxis.de/lpic2/lpi201/perl3.html | ||
* http://en.wikipedia.org/wiki/Taint_checking | * http://en.wikipedia.org/wiki/Taint_checking | ||
| + | |||
| + | Similar Problems in PHP: | ||
| + | * http://www.codehelp.co.uk/php/taint.php | ||
Aktuelle Version vom 9. Juli 2012, 08:16 Uhr
Code Injection:
#!/usr/bin/perl
my $name = $cgi->param("name"); # Get the name from the browser
...
$dbh->TaintIn = 1;
$dbh->execute("SELECT * FROM users WHERE name = '$name';"); # Execute a SQL query
Good Links:
- http://gunther.web66.com/FAQS/taintmode.html
- http://stackoverflow.com/questions/2228457/is-perls-taint-mode-useful
- http://www.linux-praxis.de/lpic2/lpi201/perl3.html
- http://en.wikipedia.org/wiki/Taint_checking
Similar Problems in PHP:
