I've been scripting CGIs for a couple of years now, but I still feel like a newbie. Some books and tutorials I read are very heavy on CGI security, and I would like to have a simple security checklist so that I don't overlook possible loopholes.
Here's what I'm doing at the moment, some of this only very recently.
1. Using taint mode.
2. Untainting using regular expressions.
3. Using CGI.pm.
4. Checking the referrer (I know it's a bit lame).
5. Using strict.
Until recently all of my scripts simply accepted user input, did some calculations and printed these to the user's browser, while sending me an email of the calculation. Now I'm moving on to writing data to files on the server and then using this data to send to the user's browser. It is this writing of data to the server which has made me more paranoid than usual.
Any comments or suggestions appreciated.
Best wishes
Sid
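For reference, here is what items 1, 2, 3 and 5 of the list look like when combined with the file writing the post is worried about. This is an added example, not Sid's script or anything from CGI.pm's own documentation; the parameter names "name" and "value" and the data directory /var/www/app-data are assumptions. CGI.pm stopped being part of core Perl in 5.22, so it may need installing from CPAN.

```perl
#!/usr/bin/perl -T
# Added example (not from the original post): a small CGI that runs under -T,
# untaints its two parameters with whitelist regexes, appends to a file in a
# fixed directory, and reads the file back to the browser with HTML escaping.
# Assumed: parameters are called "name" and "value"; data lives in /var/www/app-data.
use strict;
use warnings;
use CGI;
use Fcntl qw(:flock O_WRONLY O_APPEND O_CREAT);
use File::Spec;

# Under -T, %ENV is tainted too. Fix PATH and drop the variables perlsec
# warns about before anything could consult them.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $DATA_DIR = '/var/www/app-data';    # assumed; a literal in the script, never from input

my $q = CGI->new;

# The regex capture is what untaints: $1 is clean only because the pattern
# describes exactly what we accept (a whitelist), anchored at both ends.
# No '.', '/' or '\', so the value can never climb out of $DATA_DIR.
sub untaint_name {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_-]{1,32})\z/ ? $1 : undef;
}

# A number: optional sign, up to 9 integer digits, up to 4 decimals.
sub untaint_number {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A(-?\d{1,9}(?:\.\d{1,4})?)\z/ ? $1 : undef;
}

# scalar() matters: in list context param() returns every value sent for
# that name, so a request with two "name" fields could shift the arguments.
my $name  = untaint_name(scalar $q->param('name'));
my $value = untaint_number(scalar $q->param('value'));

unless (defined $name && defined $value) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain');
    print "Invalid input.\n";
    exit 0;
}

# Path = fixed directory + validated component. Both halves are untainted,
# so open() is allowed under -T; a tainted $path would make Perl die here.
my $path = File::Spec->catfile($DATA_DIR, "$name.txt");

# Append under an exclusive lock; concurrent CGI processes would otherwise
# interleave their writes. Mode 0640 keeps the file unreadable to other users.
my $stamp = scalar localtime;
sysopen(my $out, $path, O_WRONLY | O_APPEND | O_CREAT, 0640)
    or die "cannot open $path: $!";
flock($out, LOCK_EX) or die "cannot lock $path: $!";
print {$out} join("\t", $stamp, $value), "\n";
close $out or die "cannot close $path: $!";

# Whatever comes back out of the file is tainted again and user-derived:
# escape it before it goes into HTML, or a stored value becomes stored XSS.
open(my $in, '<', $path) or die "cannot read $path: $!";
my @lines = <$in>;
close $in;

print $q->header(-type => 'text/html; charset=UTF-8');
print "<!DOCTYPE html><html><head><title>Stored values</title></head><body>\n";
print "<h1>Values for ", $q->escapeHTML($name), "</h1>\n<pre>\n";
print $q->escapeHTML($_) for @lines;
print "</pre>\n</body></html>\n";
```

Two things worth noticing when running it: with -T on the shebang, any attempt to open() a path built from an unvalidated parameter dies with "Insecure dependency", which is the whole point of keeping taint mode on for scripts that touch the filesystem; and the script does not consult the Referer header at all, because that header is sent by the client and so cannot act as a control (the validated parameters and the fixed directory are what keep the write safe).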