SIGNUP LOGIN

HOME TUTORIALS SCRIPTS ANSWERS ONLINE SERVICES TOOLS BLOG FORUM JOBS

Build a Perl/CGI Voting System

By Allan Peda
2005-07-05

Other security considerations could and should be taken into account when using this script. Any program that allows an external entity to input data is vulnerable to malicious activity, such as buffer overflows and embedded control characters. Conversely, the use of a dedicated routine to read and write local DBM files has at least one benefit: There is no possibility of SQL injection when there is no SQL back end to access.

In a nod to the need to filter incoming data, I set the variables $CGI::DISABLE_UPLOADS and $CGI::POST_MAX to very strict values. Additionally I recommend the following:

• String all incoming variables of all unexpected characters and truncate the length to a reasonable limit.
• A lot of runtime data is kept inside the script. The advantage to this practice is that there are fewer files to distribute and to set permissions for. The disadvantage is that users may not want to edit code, and the code becomes less clear. A possible compromise may be to take advantage of kludges such as the DATA pseudo-file handle to tuck data at the end of a script.
• File locking is a very tricky issue and race conditions abound. It seemed that for every guideline I found spelling out the correct way to lock files, a subsequent correction was posted. I tried to minimize the time files were open and leverage the locking mechanism provided for the MLDBM module.
• Perl modules are not put in their own path away from the CGI, so they could theoretically be executed from the cgi-bin directory. It is recommended that these modules not be set as executable.
• PHP is practically ubiquitous on Linux platforms, so I would consider porting this script in PHP if the need to reimplement it arose. However, I am not sure there is a PHP equivalent to the MLDBM module.
• The layout of the voting form is considered unfair by some since it presents the first candidate as a default.
• I did not use perldoc. I should.

Tutorial pages: Using locked DBM files with CGI-driven forms saves client data without DBMS overkill CGI considerations: Simplicity vs. complexity Functional design considerations Details: Hash keys Details: E-mail gotchas Details: Not-so-secret ballots Details: File layout Details: Static vs. dynamic DNS Details: Is GET harmful? Other possible improvements Conclusion Resources

First published by IBM DeveloperWorks

Stumble It!

2 Votes Select Rating Excellent Very Good Good Fair Poor Showcase Your Tutorials

You might also want to check these out: Random subroutines in Perl Log Script Use Creating Perl Modules for Web Sites Bit Vector, Using Perl Vec Perl Range Operator Creating Perl Modules for Websites

You must be logged in to post a comment.

Link to This Tutorial Page!
<a href="http://www.developertutorials.com/tutorials/cgi-perl/perl-cgi-voting-system-050705/page10.html" title="Build a Perl/CGI Voting System">Build a Perl/CGI Voting System - Build a Perl/CGI Voting System</a>

Tutorials AJAX ASP CGI & Perl CSS Flash HTML Illustrator Java JavaScript Linux MySQL PHP Photoshop Python Wireless XML Miscellaneous Scripts AJAX ASP ASP.NET CGI & Perl Flash Java JavaScript PHP Python Remotely Hosted Tools & Utilities XML Online Services Domain Names Hard Drive Recovery Internet Marketing Online Backup Online Training Payment Processing SaaS Software Escrow Web Design Web Development Web Hosting Directory Web Hosting Articles Developer Manuals Learn HTML Learn PHP Learn CSS Learn AJAX Learn JavaScript Learn Pear White Papers Resources Tutorial Directory Webmaster News Developer Content

Write For Us | Advertise with Us
Website Design by Ducani Media Group. Copyright ©2004-2010 NetVisits, Inc. All Rights Reserved. Privacy Policy.