
Error Checking and Security

General Principles for Good Programming and Basic Security

  • Check input for format and validity
  • Check return values from functions
  • Return diagnostics on error
  • Comment code, including expected input & output

Strategy: "or die"

  • Use the "or die" (aka "|| die") syntax when an error should cause a program to exit
  • Examples:
    open (INFILE, "<$myinput") || die "Couldn't open $myinput: $!";
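    # Parenthesize the assignment: a bare "my @arr=split(...) || die" stores the field count in @arr. split does not set $!.
    (my @arr=split(/ /, $inline)) || die "Split failed on $inline";
    # This dies even though sqrt(0) succeeds, because the result 0 is false. sqrt does not set $!.
    my $x=0; if (! (my $sr = sqrt($x))) { die "sqrt failed"; }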
  • Be careful when testing for truth versus 0. Usually, 0 is treated the same as false.

But wait, there's more!

  • Basic error checking and confirming function execution are important, but they are not the whole story
  • There are many other opportunities for security problems and bugs, especially in code that will operate on user-supplied input (such as CGI programs).
  • Chapter 23 of your text gives an overview of the powerful strategies Perl offers to mitigate risks. One of the easiest and most important for CGI-type code is to enable taint mode via the -T command-line switch.
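
The principles above combined with taint mode, as an added example that is not part of the original notes. The names clean_filename and $DATA_DIR, the script name validate.pl, and the sample lines under __DATA__ are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the original notes. Run as: perl -T validate.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Taint mode is off; run with perl -T\n" unless ${^TAINT};

my $DATA_DIR = '/var/tmp/reports';    # hypothetical directory (assumption)

# Check input for format and validity. Returns the untainted name, or
# undef on failure. Allow-list: one letter or digit, then up to 63
# letters, digits, '_', '.' or '-'. No '/' is allowed, so no path tricks.
sub clean_filename {
    my ($raw) = @_;
    return undef unless defined $raw;
    # Only a regex capture untaints data, so the pattern must be strict.
    return $1 if $raw =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/;
    return undef;
}

# Constructed sample input. Anything read from a filehandle is tainted,
# so these lines stand in for CGI parameters.
while (my $line = <DATA>) {
    chomp $line;
    my $name = clean_filename($line);
    # Test with defined(), not truth: the valid name "0" is false.
    if (!defined $name) {
        warn sprintf("rejected '%s' (tainted=%d)\n", $line, tainted($line) ? 1 : 0);
        next;
    }
    my $path = "$DATA_DIR/$name";
    printf "accepted '%s' (tainted=%d)\n", $name, tainted($name) ? 1 : 0;
    # -T does not block read-only opens of tainted names, which is why the
    # explicit validation above is still needed. Three-argument open keeps
    # the mode separate from the file name.
    if (open(my $fh, '<', $path)) {
        print "opened $path\n";
        close($fh) or warn "Couldn't close $path: $!\n";
    }
    else {
        warn "Couldn't open $path: $!\n";    # return diagnostics on error
    }
}

__DATA__
report-2024.txt
../../etc/passwd
two words.txt
0
```

Each rejected line reports tainted=1 and each accepted name reports tainted=0, because the regex capture is the step that untaints the value.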


UAF Computer Science
Prof. Greg Newby