cgi security

Michael Ströder michael at stroeder.com
Wed Apr 4 03:53:25 EDT 2001


Sheila King wrote:
> 
> it seems that a primary
> rule, is to CHECK ALL USER INPUT.

I wrote my module cgiforms for this. You declare in advance which
form fields you accept and which regex pattern they should match.
It's slightly less flexible than the cgi module. And of course this
can also be used poorly.

More advanced checks on input can be done by sub-classing the
formField class and writing your own __validateformat__() method.

I don't distribute the module separately because I do not want to
support it or keep it compatible with other code. But if you wanna
have a look at it just let me know.

Ciao, Michael.
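
The approach described in the message above (declare the accepted form fields in advance, give each a regex, subclass for checks a regex cannot express), shown as an added example that is not part of the original post and is not the cgiforms module. The names Field, PortField, check(), parse_form() and FIELDS are hypothetical, and the two-field form is constructed.

```python
import re
from urllib.parse import parse_qs

class Field:
    """A declared form field; the whole value must match `pattern`."""
    def __init__(self, name, pattern, max_len=64):
        self.name, self.max_len = name, max_len
        self.regex = re.compile(pattern)

    def validate(self, value):
        if len(value) > self.max_len:
            raise ValueError("too long")
        # fullmatch(): with match() a pattern ending in "$" accepts "389\n"
        if not self.regex.fullmatch(value):
            raise ValueError("bad format")
        return self.check(value)

    def check(self, value):
        """Hook for checks a regex cannot express; override in subclasses."""
        return value

class PortField(Field):
    def __init__(self, name):
        # [0-9] rather than \d, which also matches non-ASCII digits
        super().__init__(name, r"[0-9]{1,5}")

    def check(self, value):
        port = int(value)
        if not 1 <= port <= 65535:
            raise ValueError("out of range")
        return port

def parse_form(query_string, fields):
    """Return (clean, errors); use `clean` only when `errors` is empty."""
    raw = parse_qs(query_string, keep_blank_values=True)
    clean = {}
    errors = [f"{n}: undeclared field" for n in sorted(set(raw) - {f.name for f in fields})]
    for f in fields:
        values = raw.get(f.name, [])
        if len(values) != 1:  # missing or repeated parameter
            errors.append(f"{f.name}: expected exactly one value")
            continue
        try:
            clean[f.name] = f.validate(values[0])
        except ValueError as exc:
            errors.append(f"{f.name}: {exc}")
    return clean, errors

# Constructed declaration for a hypothetical two-field form.
FIELDS = [Field("host", r"[A-Za-z0-9.-]+", max_len=255), PortField("port")]
```

Undeclared and repeated parameters are rejected rather than ignored, so a handler never sees a field it did not declare.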


