13.1. Locking down your system

Interchange has lots of built-in protections to make developing your catalogs pretty care-free. But it will definitely pass you the ammo to shoot yourself in the foot, as will any templating system that has power. So you have to be careful, as you do in any scripting environment.

Most of the protections have to do with:

  1. Tags like [cgi foo], [data ...] and such are not reparsed for tags.
  2. The [value foo] tag never allows a left square bracket to be output.
  3. Safe is used for Perl, which means that arbitrary Perl code which reads/writes or uses IO is not possible.
  4. The Interchange files don't need to be readable or writable by any other user ID, so CGI/PHP programs run by the web server can't get at them.
  5. Dangerous operations are allowed only via global UserTag, and not by catalog UserTag.

But there are ways that user-entered data could end up getting parsed for tags. The most common breach is to take possibly tainted user data entered into a form and put it in a database without filtering it first. There are several ways to filter it, for example with the Filter directive:

        Filter  name     textarea_put
        Filter  address  textarea_put
        Filter  comments textarea_put
        Filter  email    textarea_put

There are other ways to nail down your system and make it more difficult to have a security problem, for example:

      Database products WRITE_CONTROL 1
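
A configuration audit for the two settings shown above, as an added example that is not part of Interchange or of the original page. It reports form fields that have no textarea_put Filter line and databases that do not set WRITE_CONTROL 1. The sample configuration, the field list, the userdb table and the "Database name file type" definition line format are assumptions made for illustration.

```python
import re

# Constructed sample catalog configuration (not from a real catalog).
SAMPLE_CFG = """\
Database  products  products.txt  TAB
Database  products  WRITE_CONTROL 1
Database  userdb    userdb.txt    TAB
Filter    name      textarea_put
Filter    address   textarea_put
# Filter  comments  textarea_put
Filter    email     textarea_put
"""

# Assumption: form fields this hypothetical catalog stores in a database.
FORM_FIELDS = ["name", "address", "comments", "email"]

def parse_cfg(text):
    """Return ({field: [filters]}, {database: {ATTRIBUTE: value}})."""
    filters, databases = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split()
        directive = parts[0].lower()
        if directive == "filter" and len(parts) >= 3:
            filters.setdefault(parts[1], []).extend(parts[2:])
        elif directive == "database" and len(parts) >= 3:
            attrs = databases.setdefault(parts[1], {})
            # Assumption: attribute lines carry an all-caps key and a value
            # (WRITE_CONTROL 1); other Database lines define the table.
            if len(parts) >= 4 and re.fullmatch(r"[A-Z_]+", parts[2]):
                attrs[parts[2]] = parts[3]
    return filters, databases

def audit(text, form_fields, required="textarea_put"):
    """List fields and databases missing the settings shown on this page."""
    filters, databases = parse_cfg(text)
    findings = []
    for field in form_fields:
        if required not in filters.get(field, []):
            findings.append(f"form field '{field}' is not filtered with {required}")
    for name, attrs in sorted(databases.items()):
        if attrs.get("WRITE_CONTROL") != "1":
            findings.append(f"database '{name}' does not set WRITE_CONTROL 1")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG, FORM_FIELDS):
        print("REVIEW:", finding)
```

In the sample, the commented-out Filter line leaves the comments field unfiltered, which is the gap the audit is meant to catch.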

All in all, Interchange has been proven to be securable over time. But we all have to do our part and think about what we are doing with user-entered data.