EarthWeb: Security Issues in Perl Scripts
Feb 07, 2001, 18:18
(Other stories by John Viega, Jordan Dimov)
"Perl is one of the most widely used languages for writing interactive applications on the Web, and Perl programs are widely used for various system administration tasks. Applications that serve these tasks must provide reliable access to security sensitive functions and information, and at the same time ensure that no one is granted access to data or functionality that was not intended for them. In this two-part article, Jordan Dimov and John Viega evaluate some of the common security weaknesses and vulnerabilities of Perl applications and give an overview of the features that the Perl language provides to aid the programmer in hardening the security of their applications."
"A programming language, by design, does not normally constitute a security risk; it is with the programmer that the risk is introduced. Almost every language has certain flaws that may facilitate to some extent the creation of insecure software, but the overall security of a piece of software still depends largely on the knowledge, understanding, and security consciousness of the authors. Perl has its share of security "gotchas", and most Perl programmers are aware of none of them."
"In this article, we will look at some of the most widely misused and overlooked features of Perl. We'll see how their incorrect use can pose threats to the security of the system on which they are running as well as to their users. We will show how such weaknesses can be exploited and how to fix or avoid them."