Some ideas for more web security with perl scripts

Question:

What can I do in my perl scripts to increase security of my web site?

Answer:

My site got hacked once and I was lucky that the 'hacker' wrote me an email pointing out the problem. My main mistake had been that I had a script which got a file name as a parameter, read that file and displayed it as the next page. The idea had been that the script would get one of 3 different HTML pages as a parameter.

What the hacker did was identify how this script worked by looking at how it was invoked, then he called the script directly using GET requests and passing other (normally not visible) files as arguments. That way he was able to read my perl scripts in source and obtain the mysql database password.

Some lessons learned from that:

  1. If your script reads a file and you use relative file names driven by user input, absolutely make sure that these files are in (or under) the directory that you intended. E.g. check for '..' in the passed file name. Better yet, do not allow a directory to be passed at all, only a file name, and hard-code the directory in your script.
  2. Make sure that there are no <!-- in any arguments. The intruder could try to sneak a server side include into your HTML in case you display the output on a .shtml page. See the
  3. Check the referrer of your script. It should be your own site, meaning that no external site should have a link to your script. Some users will suppress the referrer, so you will have to accept an empty referrer value.
  4. Only allow data to be passed with POST requests and ignore GET requests. POST requests are a bit more difficult to fake.
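The following CGI script is an added example, not code from the original FAQ, that puts lessons 1 and 4 together: the directory is hard-coded, the page name is checked against a fixed allowlist of the three pages the script is meant to serve, and anything other than a POST request is refused. The directory /var/www/pages, the page names and the 'page' parameter are assumptions for illustration; the CGI module is required (it ships with older Perls and is on CPAN for Perl 5.22 and later).

```perl
#!/usr/bin/perl
# Added example (not from the original FAQ): serve one of a fixed set of
# HTML pages by name. The directory and page names below are assumptions.
use strict;
use warnings;
use CGI;

my $PAGE_DIR = '/var/www/pages';   # hard-coded; never taken from the request
my %ALLOWED  = map { $_ => 1 } qw(home about contact);   # the "3 HTML pages"

# Returns the page name if it is acceptable, undef otherwise.
# The allowlist makes '..', '/', NUL bytes and any other trick irrelevant:
# the only names that get through are the ones listed in %ALLOWED.
sub safe_page_name {
    my ($name) = @_;
    return undef unless defined $name;
    return undef unless $name =~ /\A[a-z]+\z/;   # plain lowercase letters only
    return undef unless $ALLOWED{$name};
    return $name;
}

sub main {
    my $q = CGI->new;

    # Lesson 4: accept POST only; a GET typed into the address bar is refused.
    if (($ENV{'REQUEST_METHOD'} // '') ne 'POST') {
        print $q->header(-status => '405 Method Not Allowed');
        print "POST required\n";
        return;
    }

    # Lesson 1: the client supplies a name, never a path.
    my $page = safe_page_name(scalar $q->param('page'));
    unless (defined $page) {
        print $q->header(-status => '400 Bad Request');
        print "unknown page\n";
        return;
    }

    my $path = "$PAGE_DIR/$page.html";
    open my $fh, '<', $path or do {
        print $q->header(-status => '404 Not Found');
        print "page not found\n";
        return;
    };
    print $q->header('text/html');
    print while <$fh>;
    close $fh;
}

main();
```

With this layout a request such as page=../../cgi-bin/script.pl never reaches open(): safe_page_name returns undef because the value is not in the allowlist, so the script's own source (and the database password in it) cannot be read back through the page viewer.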

# checking the referrer:
 
 # a list of valid referrers; the first one is your IP number
 my @referers = ('12.34.56.78', 'www.coders-corner.com', 'coders-corner.com');
 
 check_url();
 
 sub check_url {
    my $check_referer = 0;
 
    if ($ENV{'HTTP_REFERER'}) {
       foreach my $referer (@referers) {
          # \Q...\E quotes the dots so that '12.34.56.78' is matched literally
          if ($ENV{'HTTP_REFERER'} =~ /\Q$referer\E/i) {
             $check_referer = 1;   # known referrer: accept
             last;
          }
       }
    }
    else {
       $check_referer = 1;   # empty referrer: accept, some browsers suppress it
    }
 
    if ($check_referer != 1) {
       # bad referrer: send the visitor to the home page and stop
       print "Location: http://www.coders-corner.com\n\n";
       exit;
    }
 }
 
 #===================================================
 # when parsing form data (assuming that $value holds a passed value)
 # do this:
 # If they try to include server side includes, erase them, so they
 # aren't a security risk if the html gets returned.
 # Another security hole plugged up.
 # The non-greedy .*? with /s removes each comment on its own (including
 # comments spanning several lines) instead of everything between the
 # first <!-- and the last -->.
 $value =~ s/<!--.*?-->//gs;
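As an added example (not part of the original FAQ), the script below shows the comment-stripping rule from lesson 2 next to the alternative of HTML-escaping the value, which keeps the text intact but makes the '<!--#' sequence an SSI directive needs impossible to reproduce. The sample input is constructed for the demonstration; it uses the harmless echo directive rather than anything that would run a command.

```perl
#!/usr/bin/perl
# Added example (not from the original FAQ): two ways to keep user-supplied
# text from introducing a server side include when echoed into a .shtml page.
use strict;
use warnings;

# Remove every HTML comment, including multi-line ones. The non-greedy .*?
# with /s strips each comment separately; a greedy .* would also swallow the
# normal text between two comments.
sub strip_comments {
    my ($text) = @_;
    $text =~ s/<!--.*?-->//gs;
    return $text;
}

# Escape the characters that have meaning in HTML. Once '<' has become
# '&lt;' the server never sees '<!--#', so no directive can be executed and
# the visitor still sees what was typed.
sub html_escape {
    my ($text) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $text =~ s/([&<>"])/$map{$1}/g;
    return $text;
}

# Constructed sample: two directives with ordinary text between them.
my $input = qq{hello <!--#echo var="DATE_LOCAL" --> world <!--#echo\nvar="DOCUMENT_NAME" --> bye};

print "stripped: ", strip_comments($input), "\n";   # hello  world  bye
print "escaped:  ", html_escape($input), "\n";
```

Stripping is what the FAQ recommends and is fine for values that are never meant to contain markup; escaping is the better default when the value is shown back to the user, because it neutralises every tag, not only comments.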
 

Generated 12:02:04 on May 24, 2017