You are asked to improve the security in the CGI handler script used to send comments to the Web master of your server. The current script in use is shown in Figure 11.10a, with the associated form shown in Figure 11.10b. Identify some security deficiencies present in this script. Detail what steps are needed to correct them, and design an improved version of this script.
Figure 11.10a:
#! /usr/bin/perl
# comment.cgi - send comment to webmaster
# specify recipient of comment email
$to = "webmaster";
use CGI;
use CGI::Carp qw(fatalsToBrowser);
$q = new CGI; # create query object
# display HTML header
print $q->header,
    $q->start_html('Comment Sent'),
    $q->h1('Comment Sent');
# retrieve form field values and send comment to webmaster
$subject =