ISAPI Perl Security Page 7

By Gunther Birznieks (Send Email)
Posted Aug 16, 2000


One last thing: It is unfortunate, but ISAPI Perl installs by default in a manner that is not as secure as it could be. Specifically, a feature of Perl known as taint mode places Perl on a constant and vigilant alert to hacking attempts. More information on taintmode can also be found at the Taint Mode FAQ.

ISAPI Perl installs without this feature enabled. If you wish to enable this feature, you must go into the Web Server Config section of the ActiveState Perl documentation discussed earlier and place a "-T" in between the "perl.exe" and "%s %s" command-line parameters.

The "-T" flag tells Perl to run in taint mode. We should note, however, that many Perl scripts are, unfortunately, not written with taint mode in mind, so adding this flag may break existing scripts! Be sure to test thoroughly if you do choose to set this flag.



Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.