Random Code In CGI/Perl Script
By Chris Crum
Staff Writer
Article Date: 2007-06-26
Here I am again bringing some discussion from our WebProWorld forum to the readers of PerlProNews.
The post "Random Code in CGI/Perl script" comes from member dharrison.
I have a client who has to use a CGI/perl form script for his online enquiry form at Quality Matters. He absolutely cannot use PHP as his main email address is AOL and it comes up as gobbledygook.
Anyway, my question is: Can anyone recommend a good security feature (e.g. random code/image) that can make this form any more secure?
I have tried figlet but it's a bit confusing to set up.
Any help will be gratefully received.
"After a lot of research into the same problem I came to the conclusion that PHP is the only way to go," says RegDCP. "His AOL address should not come up as garbage but an email address @quality-matters.com could be used for the PHP, and redirected to his AOL address through his hosting server's admin, if needs be."
Scotthai says:
You posted a very interesting topic, although you have already finished the script from figit, or whatever it was, you just handled a real difficult topic. I have been able to use PHP to write the security images, however, I have also been able to use remote JavaScript, which is obfuscated to the robot or SPAM bot, and this sets a cookie that I am able to pick up upon after the script has gone to the CGI bin.
However, a new and better technique is to use an AJAX based email form, if you use deep rooting, ex. ../../../forms/email.html, then pop the AJAX email form over the page by using an empty div and writing the innerHTML via JavaScript, to pull the email page into the original page, the robot will get confused. It won't be able to send an email via your form, because it won't be able to find the form, which in essence is in an empty div in your html.
This is a flawless technique, until the robots get smarter and begin to follow AJAX paths. However, going back to the obfuscation, if you use a JavaScript obfuscation program prior to the launch of the page which is making the AJAX call to the email form, you will undoubtedly never become prey for the SPAMbots again, and AJAX is fun to use as well.
This was long and confusing. I just wanted to say that there is another non-PHP technique as well!!
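One way to give a CGI/Perl form the kind of "random code" check the original question asks about, as an added example that is not from the forum thread or the article: the page that serves the form embeds a signed, time-stamped token in a hidden field, and the form handler verifies it before sending any mail. The secret value, the time limits and the function names are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions: placeholder secret (keep the real one outside the web root);
# time limits are illustrative values.
my $SECRET  = 'replace-with-a-long-random-secret';
my $MIN_AGE = 3;       # seconds; faster submissions are treated as automated
my $MAX_AGE = 1800;    # seconds; older tokens are rejected

# Build "timestamp:nonce:mac" for a hidden field when the form page is served.
# The nonce only makes tokens distinct; the HMAC is what prevents forgery.
sub issue_token {
    my ($now) = @_;
    my $nonce = join '', map { sprintf '%02x', int(rand(256)) } 1 .. 8;
    return join ':', $now, $nonce, hmac_sha256_hex("$now:$nonce", $SECRET);
}

# Compare two strings without stopping at the first differing character.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Called by the form handler before any mail is sent. Returns a status string.
sub verify_token {
    my ($token, $now) = @_;
    return 'malformed' unless defined $token
        && $token =~ /\A(\d{1,12}):([0-9a-f]{16}):([0-9a-f]{64})\z/;
    my ($ts, $nonce, $mac) = ($1, $2, $3);
    return 'bad-signature'
        unless secure_eq($mac, hmac_sha256_hex("$ts:$nonce", $SECRET));
    my $age = $now - $ts;
    return 'too-fast' if $age < $MIN_AGE;
    return 'expired'  if $age > $MAX_AGE;
    return 'ok';
}

# Constructed demonstration; runs from the command line without a web server.
my $t0     = time;
my $token  = issue_token($t0);
my $forged = ($t0 + 1) . substr($token, length($t0));   # altered timestamp
print "normal submit : ", verify_token($token,  $t0 + 20),   "\n";
print "instant submit: ", verify_token($token,  $t0 + 1),    "\n";
print "stale token   : ", verify_token($token,  $t0 + 7200), "\n";
print "altered token : ", verify_token($forged, $t0 + 20),   "\n";
print "missing token : ", verify_token(undef,   $t0 + 20),   "\n";
```

Because the server keeps no state, a token can be resubmitted until it expires; making it single-use requires recording spent nonces on the server.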
Please stop by the forum if you would like to add to this discussion.
About the Author: Chris is a staff writer for WebProNews. Visit WebProNews for the latest ebusiness news.