View previous topic :: View next topic |
Author |
Message |
Isotonik -
Joined: 29 Feb 2008 Posts: 5
|
Posted: Fri Mar 07, 2008 7:54 pm Post subject: Perl and security considerations |
|
|
I've installed Abyss under Xubuntu and it works great. :)
My next project would be to install a YABB discussion forum. Now, Yabb requires - of course - Perl, which is already installed. I've studied the caveats of PHP, which requires some 'tuning' for more enhanced security.
I wonder whether Perl has any functions that should be disabled? I faintly remember that some hosting companies have disabled certain Perl functions, but I cannot find any comprehensive info of this issue.
Any Perl professionals here? Thanx. |
|
Back to top |
|
|
aprelium -
Joined: 22 Mar 2002 Posts: 6800
|
Posted: Wed Mar 19, 2008 7:06 pm Post subject: Re: Perl and security considerations |
|
|
Isotonik wrote: | Any Perl professionals here? Thanx. |
We're not Perl professionals but we're going to try to give you some information:
* Perl has some security features such as the tainted mode. Most serious script authors use it to restrict and detect bad uses of variables that could lead to code or SQL injection.
* All depends on the modules you have installed in Perl. Some are buggy, some are badly written. In general, if you are using Linux, the damage (if any) will be limited to the user account Abyss Web Server is running in. _________________ Support Team
Aprelium - http://www.aprelium.com |
|
Back to top |
|
|
Isotonik -
Joined: 29 Feb 2008 Posts: 5
|
Posted: Thu Mar 27, 2008 3:26 pm Post subject: |
|
|
Thanx for the answer. :) |
|
Back to top |
|
|
|