
Re: CERT Perl Secure Coding Standard

From: David Nicol
Date: December 8, 2012 08:19
Subject: Re: CERT Perl Secure Coding Standard
Message ID: CAFwScO_tL_TGkfESPR498p9jr2z9s3UMCRwWs+aDUEEaQsT2Ww@mail.gmail.com

On Fri, Dec 7, 2012 at 8:41 AM, demerphq <demerphq@gmail.com> wrote:
> Anybody seen this?
>
> http://blog.sei.cmu.edu/post.cfm/the-cert-perl-secure-coding-standard

I'd like to take this opportunity to promote Tie::Function as an
elegant way to prevent all sorts of quoting injections. Url-encoding,
HTML Entitization, SQL quoting, and SQL identifier quoting can all
have their own hashes tied to Tie::Function, and then auditing against
injection attacks becomes very straightforward, and no data need be
quoted prior to use.
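
The tied-hash quoting idea described in the message above, as an added example that is not part of the original post and is not David Nicol's code. The `FuncHash` package is a hypothetical minimal stand-in for the CPAN module Tie::Function so the script runs with core Perl only, and the input string is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical minimal stand-in for Tie::Function: reading $hash{KEY}
# calls the supplied code reference with KEY and returns its result.
{
    package FuncHash;
    sub TIEHASH { my ($class, $code) = @_; return bless { code => $code }, $class }
    sub FETCH   { my ($self, $key) = @_; return $self->{code}->($key) }
}

# One tied hash per output context. The "key" is the raw, unquoted value.
my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
              '"' => '&quot;', "'" => '&#39;');
tie my %HTML, 'FuncHash', sub {
    my ($s) = @_;
    $s =~ s/([&<>"'])/$entity{$1}/g;
    return $s;
};
tie my %URL, 'FuncHash', sub {
    my ($s) = @_;
    utf8::encode($s);    # percent-encode UTF-8 bytes, not characters
    $s =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord $1)/ge;
    return $s;
};

# Constructed sample input standing in for untrusted request data.
my $name = q{Tom & "Jerry" <tj@example.org>};

# The data stays raw until the moment of use; the hash name at each
# interpolation site states which encoding applies there.
my $link = "<a href=\"/search?q=$URL{$name}\">$HTML{$name}</a>";
print "$link\n";

# Audit aid: a bare interpolation carries no context marker and stands out.
my $unaudited = "<p>$name</p>";
print "needs review: $unaudited\n";
```

SQL literal and identifier quoting would follow the same pattern, with the tied function delegating to the database driver's own quoting routine rather than a hand-written substitution.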
