---

EarthWeb: Security Issues in Perl Scripts

“Perl is one of the most widely used languages for writing
interactive applications on the Web, and Perl programs are widely
used for various system administration tasks. Applications that
serve these tasks must provide reliable access to security
sensitive functions and information, and at the same time ensure
that no one is granted access to data or functionality that was not
intended for them. In this two-part article, Jordan Dimov and John
Viega evaluate some of the common security weaknesses and
vulnerabilities of Perl applications and give an overview of the
features that the Perl language provides to aid the programmer in
hardening the security of their applications.”

“A programming language, by design, does not normally constitute
a security risk; it is with the programmer that the risk is
introduced. Almost every language has certain flaws that may
facilitate to some extent the creation of insecure software, but
the overall security of a piece of software still depends largely
on the knowledge, understanding, and security consciousness of the
authors. Perl has its share of security “gotchas”, and most Perl
programmers are aware of none of them.”

“In this article, we will look at some of the most widely
misused and overlooked features of Perl. We’ll see how their
incorrect use can pose threats to the security of the system on
which they are running as well as to their users. We will show how
such weaknesses can be exploited and how to fix or avoid
them.”

