Because CGI programs let external users run code on systems they would not otherwise have access to, every CGI program represents a potential security risk. You want to minimize your exposure.
Use taint mode (the -T switch on the #! line).
Don’t blindly untaint data. (See below.)
Check return conditions from system calls.
Be conscious of race conditions (described below).
Run with -w and use strict to make sure Perl isn’t assuming things incorrectly.
Don’t run anything setuid unless you absolutely must. If you must, think about running setgid instead if you can. Certainly avoid setuid root at all costs. If you must run setuid or setgid, use a wrapper unless Perl is convinced your system has secure setuid scripts and you know what this means.
Always encrypt login passwords (better, store only a hash of them), credit card numbers, social security numbers, and anything else you’d not care to read pasted across the front page of your local newspaper. Use a secure ...
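The following script, added here as an illustration and not taken from the original page, applies the first four items of the checklist above in one place: it runs under -T, untaints a user-supplied filename by extracting an allow-listed value rather than blindly accepting it, creates the file with an exclusive open so the check-then-create race cannot be won, avoids the shell by calling system() in list form, and checks the return value of every system call. The parameter name `file`, the directory `/var/app/uploads`, and the helper names are assumptions made for the example.

```perl
#!/usr/bin/perl -T
# Added example (not from the original page): a minimal CGI-style handler that
# applies the checklist above. The parameter name "file", the directory
# /var/app/uploads and the helper names are assumptions made for this example.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

# Under -T, Perl refuses to run external commands until PATH and the shell
# variables that could redirect it are made explicit.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$ENV{PATH} = '/usr/bin:/bin';

my $UPLOAD_DIR = '/var/app/uploads';   # assumption: exists, writable by the CGI user

# Untaint by *extracting* a value that matches an allow-list pattern, never by
# copying $1 from a permissive match such as /(.*)/, which untaints anything.
sub untaint_filename {
    my ($raw) = @_;
    return undef unless defined $raw;
    # 1-64 characters of [A-Za-z0-9_.-], not starting with a dot, so
    # "../etc/passwd" and ".htaccess" are rejected rather than "cleaned up".
    return $1 if $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return undef;
}

# Create the file atomically: O_EXCL makes "does it exist?" and "create it"
# one operation, so a symlink or file planted in between (the classic race)
# makes the open fail instead of clobbering whatever the link points at.
sub create_exclusive {
    my ($dir, $name) = @_;
    my $path = "$dir/$name";
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return (undef, "cannot create $path: $!");
    return ($fh, undef);
}

sub handle_request {
    my ($param) = @_;           # tainted in a real CGI: it came from QUERY_STRING
    my $name = untaint_filename($param);
    unless (defined $name) {
        print "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nbad filename\n";
        return 0;
    }
    my ($fh, $err) = create_exclusive($UPLOAD_DIR, $name);
    unless ($fh) {
        print "Status: 409 Conflict\r\nContent-Type: text/plain\r\n\r\n$err\n";
        return 0;
    }
    print {$fh} "created\n" or die "write failed: $!";
    close($fh)             or die "close failed: $!";

    # List-form system() never goes through /bin/sh, so no shell metacharacter
    # in $name can be interpreted; the return value must still be checked.
    my $rc = system('/usr/bin/chmod', '0644', "$UPLOAD_DIR/$name");
    if ($rc != 0) {
        warn "chmod failed: exit status " . ($rc >> 8);
    }
    print "Content-Type: text/plain\r\n\r\nok\n";
    return 1;
}

# Parse the single parameter this script accepts. Everything read from %ENV
# is tainted under -T, so $q{file} cannot reach sysopen or system as-is.
my %q = map { my ($k, $v) = split /=/, $_, 2; ($k => $v) }
        split /&/, ($ENV{QUERY_STRING} // '');
exit(handle_request($q{file}) ? 0 : 1);
```

Run it with `perl -T script.pl` or via the #! line; starting it as plain `perl script.pl` produces "Too late for -T" because taint mode must be enabled before any code runs. Note that the parser above does no URL decoding; that is deliberate, since a `%2e%2e` sequence that survives to the regex is simply rejected, but a real handler would decode first and then apply the same allow-list to the decoded value.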