Maybe tough but not impossible
Prepared statements would help, as would using data access objects which encapsulate and shield all database logic from the developer and the application.

All I'm saying is, there are ways to do enterprise-class computing for the web securely. What you should definitely not do is expose your scripts to the internet, or expose your webserver to the internet at all. (If you don't understand this, you're probably in the category of the woefully uneducated about basic programming techniques and need to do some studying on network topologies and architectural frameworks and get up to speed with the more advanced programming techniques....)

A setup like the one you are describing is not used in enterprises. Exposing your cgi-bin to the internet is a very well-known security risk and hosting providers should be aware of these and take measures. Smuggling in code through a clever hack in format strings is still pretty impressive, but most of the security holes you mention are well known and dealt with in enterprises.

Many webapps aren't thoroughly tested because of time and money issues. In enterprises this is mandatory.

Besides, who uses Webmin over the internet? I'd never do that. Only over an intranet or VPN. Just to be on the safe side.

Really, enterprise security is rather good. You wouldn't believe how many hoops you're going through before your click on a webpage is executed by, say, an airline reservation system or a banking transaction system. There's a reason why these systems generally tend to be slow and expensive.
Posted by: rein8   Posted on: 12/01/05
