[CTS] Re: GGI runs CGI
- From: John Madden <weez@xxxxxxxxxxxxx>
- To: computertalkshop@xxxxxxxxxxxxx
- Date: Thu, 28 Mar 2002 23:28:11 -0500
> I like the argument passing idea and will try it out. I don't quite
> understand the concern you have about security. People are using the
> script already, and bypassing some of the filters installed there
> somehow. In particular, certain casinos seem to have a way of getting
> past both email address and bad word filters, even if the terms they use
> are listed. I'm taking this step to sever the direct link to the script
> so that they can't continue. If the name of the link page script is
> changed to something they won't recognise, it should take quite a
> careful analysis of the censor to find out what it is. For that reason,
> I hope they are too busy to do that kind of analysis on one system out
> of countless others.
The problem isn't what the SPAMmers are doing, it's what the attackers can
do. Read the perlsec manpage...
> Would I be right that altering the variables to the form you described
> will make the script accept them only in the form the censor provides?
> If so, it will make compliance much more effective.
Yes... I think... :)
John
--
# John Madden weez@xxxxxxxxxxxxx ICQ: 2EB9EA
# FreeLists, Free mailing lists for all: //www.freelists.org
# UNIX Systems Engineer, Ivy Tech State College: http://www.ivy.tec.in.us
# Linux, Apache, Perl and C: All the best things in life are free!
---------------------------------------------------------------------------
-----
Computer Talk Shop http://www.computertalkshop.com
Un-subscribe/Vacation, http://questforcertification.com/cts/list_options.htm
List HowTo: http://questforcertification.com/cts/faq
To join Computer Talk Shop's off topic list, please goto:
http://questforcertification.com/cts/other_cts_lists.htm
---------------------------------------------------------------------------
------
Other related posts:
