I'm writing a number of CGI scripts and applications that use /dev/stdin to pipe their input from an HTML form using the POST method. I'm under the impression that since ...
- 12-15-2005 #1 (Join Date: Jun 2005; Canada, Halifax)

Apache CGI script /dev/stdin
Are there any known buffer over-runs, exploits, or other liabilities that I should be aware of when using this method (not including whatever my scripts and apps are up to of course)? Any advice will be much appreciated.
- 01-24-2006 #2 (Join Date: Oct 2005)

GET and POST
The main difference between the two is that GET can only supply a small amount of information, sometimes only 256 bytes, whereas POST is unlimited unless you set a limit.

The main thing to keep in mind is that you can't trust any information supplied by a user. If you ask for an email address, your script must check that it is only an email address and not an email address followed by a command to email the server's password file. If you ask for some text then you need to consider what

a chapter on security - read it carefully. Don't keep any essential information in hidden fields in your HTML forms. Hidden fields aren't displayed but they can
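As an added example (not code from either post), a small Python CGI handler that applies the two points made above: it reads the POST body from stdin only up to Content-Length with an assumed 64 KiB cap, and it accepts the email field only when the whole value is an address, so "address followed by a command" is rejected. Function names (read_post_body, handle, simulate) and the limit are assumptions, not anything from the thread.

```python
import io
import re
from urllib.parse import parse_qs

# POST is unlimited unless the script sets a limit, so set one (assumed value).
MAX_BODY_BYTES = 64 * 1024

# Allowlist for one e-mail address and nothing else; fullmatch() anchors both
# ends, and ';', '|', whitespace and newlines are simply not in the classes.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def read_post_body(stream, environ, limit=MAX_BODY_BYTES):
    """Read exactly Content-Length bytes from stdin, refusing oversized,
    missing or malformed lengths instead of reading until EOF."""
    if environ.get("REQUEST_METHOD") != "POST":
        raise ValueError("not a POST request")
    try:
        length = int(environ.get("CONTENT_LENGTH", ""))
    except ValueError:
        raise ValueError("missing or malformed Content-Length")
    if length < 0 or length > limit:
        raise ValueError("request body exceeds limit")
    body = stream.read(length)
    if len(body) != length:
        raise ValueError("short read on request body")
    return body

def parse_form(body):
    """Decode application/x-www-form-urlencoded into {field: first value}."""
    pairs = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    return {k: v[0] for k, v in pairs.items()}

def validate_email(value):
    """True only if the entire string is an e-mail address."""
    return EMAIL_RE.fullmatch(value) is not None

def handle(stream, environ):
    """Return (status, message) as the CGI script would respond."""
    try:
        form = parse_form(read_post_body(stream, environ))
    except (ValueError, UnicodeDecodeError) as exc:
        return 400, str(exc)
    if not validate_email(form.get("email", "")):
        return 400, "invalid e-mail address"
    return 200, "ok"

def simulate(body, content_length=None):
    """Run handle() on a constructed in-memory body standing in for /dev/stdin."""
    length = len(body) if content_length is None else content_length
    env = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(length)}
    return handle(io.BytesIO(body), env)
```

In a real script, call handle(sys.stdin.buffer, os.environ) and print the status and a Content-Type header before the message.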