<?xml version="1.0" encoding="windows-1252"?>
<node id="1382" title="chromatic" created="1999-12-24 06:10:27" updated="2012-09-28 15:44:56">
<type id="15">
user</type>
<author id="1382">
chromatic</author>
<data>
<field name="doctext">
&lt;!-- birthday:yyyy/09/08 --&gt;
&lt;!-- location:latitude=45.30.36,longitude=122.55.09 --&gt;

&lt;blockquote&gt;&lt;em&gt;"I won't aks you to grow up, but just sometime, please, aks yourself, OK, 'Who was saved?'  That's all, rill easy, 'Who was saved?'... Just in the privacy of your thotz, Zoyd.  As an exercise, li'l kinda Zen meditation.  'Who was saved?'... Here I thought you knew everything, it turns out you don't know ****."&lt;/em&gt;&lt;/blockquote&gt;

&lt;p&gt;&amp;mdash; Thomas Pynchon, &lt;em&gt;Vineland&lt;/em&gt;&lt;/p&gt;

&lt;h2&gt;Perl Resources&lt;/h2&gt;

&lt;p&gt;&lt;a href="http://www.onyxneon.com/books/modern_perl/index.html"&gt;Modern Perl: the book&lt;/a&gt; explains how Perl 5 works and how to take advantage of Perl 5.10, 5.12, and 5.14. It's from &lt;a href="http://www.onyxneon.com/"&gt;Onyx Neon&lt;/a&gt; press, an independent publisher of great technical books.&lt;/p&gt;

&lt;p&gt;I've written, edited, and contributed to other &lt;a href="http://wgz.org/chromatic/books/"&gt;technical books&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;I maintain a list of &lt;a href="http://modernperl.net/"&gt;Modern Perl resources&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;Other Information&lt;/h2&gt;

&lt;p&gt;I am available for &lt;a href="http://wgz.org/chromatic/work/consulting.html"&gt;development, mentoring, refactoring, and project management consulting&lt;/a&gt;. I can help your project succeed!&lt;/p&gt;

&lt;p&gt;My work includes the technical direction of &lt;a href="http://bigbluemarblellc.com/"&gt;Big Blue Marble&lt;/a&gt;, and I am the lead developer of &lt;a href="http://trendshare.org/"&gt;Trendshare&lt;/a&gt;, a site devoted to financial and investing literacy for novice investors (with a focus on value investing).&lt;/p&gt;

&lt;!-- 
&lt;p&gt;I once wrote Perl while riding a camel in the Sahara.&lt;/p&gt;

&lt;p&gt;All code posted here, unless otherwise noted, is copyright me.  You are welcome to use it for the purpose of instruction, example, or as a base for your own programs.  You are permitted to incorporate the code into programs for which you or your business receive compensation (of whatever form), provided it is clear that you found Perl Monks useful.  Add a link to the appropriate node.&lt;/p&gt;

&lt;p&gt;&lt;hr width="60%"&gt;&lt;p&gt;
&lt;!-- &lt;p&gt;Here are some reasons to use [CPAN://CGI.pm] instead of code from a book:
&lt;ul&gt;
	&lt;li&gt;Handling POST requests is different from handling GET requests.  You cannot switch between the two easily with many home-grown parsers.  Even if you can, a malicious user can possibly break your program by switching methods.  Game over.&lt;/li&gt;
	&lt;li&gt;It's non-trivial to write a decoder for the multipart/form-data encoding.  (I should know, [jlp] and I wrote one, with notes from [japhy] and Lincoln Stein.)  If you want to handle file uploads, you're going to spend a lot of time cursing.&lt;/li&gt;
	&lt;li&gt;Very few home-grown approaches handle multiple values associated with a single name.  What if you have a checkbox group, or a multiple-selection list?  Depending on how you handle input, you'll clobber all but the last parsed value.  Oops.  So that's why people only order one thing at a time.&lt;/li&gt;
	&lt;li&gt;Your server may be vulnerable to Denial of Service attacks, if you don't check the Content-length header.  (You may want to set a limit on the amount of data accepted via POST.  You'd hate for someone with a T3 to upload an entire CD worth of data in a single request, especially if you don't have that much memory available to your server.)&lt;/li&gt;
	&lt;li&gt;Even if you do check Content-length, does your handler check to see if it's received all of the data?  What happens if it encounters truncated data?  Does it recover gracefully, or does it process the request with mangled data?&lt;/li&gt;
	&lt;li&gt;Does your code handle the quirks (and downright bugs) of various web browsers?  When Netscape or IE is braindead, will your program get correct information?&lt;/li&gt;
	&lt;li&gt;Even if your code allows for multiple values with a name, does it account for scalar and list context when accessing that field?  Does it make extra work?  Does it join all values together into a string and require you to split on a character that could (by accident or malicious intent) be present in one of the values?&lt;/li&gt;
	&lt;li&gt;Does your code encode and decode URI-encoded characters correctly?&lt;/li&gt;
&lt;/ul&gt;
If you're not sure, feel free to [Seekers of Perl Wisdom|ask].  (For the sake of your skin, I recommend that you mention in your post that you want to be educated about these vulnerabilities.  If you say that you think CGI.pm is a bloated piece of trash and can't understand why anyone would use it, you'll get rather uncivil results.  If you genuinely seek enlightenment and mark your code snippet as unproven and possibly broken, you'll get a better result.)
&lt;p&gt;
Feel free to link here or to [Ovid]'s &lt;a href="http://www.easystreet.com/~ovid/cgi_course"&gt;CGI course&lt;/a&gt; for more detail.
&lt;hr
[id://65781|the map is posted at nearly every street corner]--&gt;</field>
<field name="lasttime">
2013-05-21 00:39:17</field>
<field name="experience">
57100</field>
<field name="user_scratchpad">
358258</field>
<field name="imgsrc">
539852</field>
<field name="timeformat">
</field>
<field name="numwriteups">
5844</field>
<field name="location">
chromatic industries</field>
<field name="timezone">
America/Los_Angeles</field>
<field name="codewrapoff">
</field>
<field name="codewraplength">
</field>
<field name="codeautowrap">
</field>
<field name="codeprefix">
</field>
<field name="codebig">
on</field>
</data>
</node>
