how to make program secure in my situation


shadkeene
08-11-2007, 06:38 PM
I have a problem with the IT folks in my department. Basically, they won't let me develop web applications for my job because Perl is not allowed on a computer that has internet. They say that if I take data off the web, run Perl programs, and store data in mysql, our system isn't secure. I don't want to post anything to the internet (yet), so it's all internal...so why are they giving me such a hard time for something that would actually help our office?

What kind of security items should I focus on to convince them that my programs are secure and that it won't affect our network? If this is vague, I can clarify. Thanks!
Shad

KevinADC
08-11-2007, 07:14 PM
Use the "strict" and "warnings" pragmas.

Validate and check all user input thoroughly.

Use the -T switch so perl can warn you of any potential security problems.

Run your CGI scripts with the lowest possible permissions.

Use secure connections if passing sensitive data over the internet, like HTTPS.

FishMonger
08-11-2007, 07:47 PM
First off, they are completely clueless about Perl.

If I were to guess, I'd say that someone in the past wrote some really bad/insecure Perl web scripts and now they are "gun shy". The same could and does happen with every web language. If written properly by a competent programmer, Perl web scripts are very secure.

I had a similar issue where the security concerns were minor, but because our manager didn't know Perl very well and thought it to be slow, he DEMANDED that all web related scripts be written in php. It took me a full year to convince him otherwise. I won him over when I provided him with documentation that Rasmus Lerdorf, php's creator, admits that he has never been able to get php to run as fast as Perl. In addition to that, I provided him the apache board meeting minutes where they were distancing themselves from php (due to its usage of proprietary licensed code) and discussing the removal of it from the next version of apache.

Your question is too vague and lacks code samples so I can only give basic recommendations.

1) Always run your scripts with strict, warnings, and taint mode enabled.

2) Avoid using system calls, especially when passing user supplied data.

3) Document your code.

4) In the beginning, provide your IT people with your pseudo code for their review. It will also help you to have a clear picture of what you need to accomplish.

5) Pick up a copy of Perl Best Practices and follow them. http://www.oreilly.com/catalog/perlbp/
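Putting KevinADC's and FishMonger's recommendations together in one place, as an added example that is not code from either poster: a small CGI handler that runs under -T with strict and warnings, untaints input by matching it against an explicit pattern, stores it with DBI placeholders instead of string-built SQL, and never calls the shell. The DSN, credentials, table and column names are placeholders, not values from the thread.

```perl
#!/usr/bin/perl -T
# Taint mode (-T): any value derived from the request is "tainted" and perl
# refuses to use it in a file open, system call or similar until it has been
# extracted through a regex capture. This is the check the -T advice relies on.
use strict;
use warnings;
use CGI;
use DBI;

# Taint mode also rejects an inherited PATH; set a fixed one and drop the
# variables that could alter how a shell would behave if one were ever spawned.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Placeholder connection details (assumed); keep real ones in a file outside
# the document root, readable only by the account the script runs as.
my $dsn = 'DBI:mysql:database=PLACEHOLDER_DB;host=localhost';
my ($db_user, $db_pass) = ('PLACEHOLDER_USER', 'PLACEHOLDER_PASS');

# Untaint by capturing only what is allowed; anything else returns undef so
# the caller rejects the request instead of guessing at a "cleaned" value.
sub clean_ident {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A([A-Za-z0-9_]{1,32})\z/;
    return;
}

sub clean_int {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A(\d{1,9})\z/;
    return;
}

my $q     = CGI->new;
my $name  = clean_ident(scalar $q->param('name'));
my $count = clean_int(scalar $q->param('count'));

print $q->header('text/plain');
unless (defined $name && defined $count) {
    print "Rejected: invalid input.\n";   # do not echo the raw value back
    exit 0;
}

# Bound parameters travel separately from the SQL text, so user data can
# never change the statement; RaiseError turns DB failures into exceptions.
my $dbh = DBI->connect($dsn, $db_user, $db_pass, { RaiseError => 1, PrintError => 0 });
my $sth = $dbh->prepare('INSERT INTO samples (name, count) VALUES (?, ?)');
$sth->execute($name, $count);
$dbh->disconnect;
print "Stored $name ($count).\n";
```

Run it under the web server's unprivileged account with a MySQL user that has only INSERT on the one table, which covers the "lowest possible permissions" point above.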

shadkeene
08-11-2007, 08:53 PM
Thanks folks...I will use and implement your suggestions.
Shad