Information travels from server to client and back, so one needs to discuss the server, the client, and the connection between them.
-
Secure the server: here one needs to be worried about preserving confidentiality of data (different for different parts of information) and privileges/capabilities of CGI scripts
-
Scripting capability of Perl can be exploited in unwise CGI programs
-
A user could input the string "I am Geoffrey" or, more deviously, something like "I am";rm -r *;print "Pretty Evil", and the hidden program can delete files if the Perl CGI script unwisely applies eval(input string)!
-
A slightly more complex input can be dangerous with other Perl commands -- this can be prevented by testing input for special characters
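The special-character test described above, as an added example that is not part of the original notes: the unsafe eval pattern is shown for contrast and never called, and the hardened version accepts only an allow-list of characters. The function names, the permitted character set and the 64-character limit are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Unsafe pattern from the notes, kept for contrast and never called here:
# the form value is handed to the Perl interpreter as code.
sub greet_unsafe {
    my ($input) = @_;
    return eval $input;    # runs whatever Perl the user supplied
}

# Hardened form: the value is data, never code. Accept only letters,
# digits, space and . , ' - (assumed allow-list), at most 64 characters.
sub clean_name {
    my ($input) = @_;
    return unless defined $input;
    # \A and \z anchor the whole string, so a valid prefix followed by
    # ";rm ..." cannot slip through. The capture also untaints the value
    # when the script is run in taint mode (perl -T).
    if ($input =~ /\A([A-Za-z0-9 .,'-]{1,64})\z/) {
        return $1;
    }
    return;
}

sub greet_safe {
    my ($input) = @_;
    my $name = clean_name($input);
    return defined $name ? "Hello: $name" : "Rejected input";
}

# Sample inputs: the two strings quoted in the notes above.
my @samples = (
    'I am Geoffrey',
    '"I am";rm -r *;print "Pretty Evil"',
);
for my $s (@samples) {
    printf "%-40s => %s\n", $s, greet_safe($s);
}
```

The first sample passes the check; the second is rejected because of the quote, semicolon and asterisk characters, and at no point is either string evaluated.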