PerlMonks  

Re^8: The most powerful CMS developed in Perl (not spam, sounds that way) (without functions)

by chromatic (Archbishop)
on Mar 15, 2013 at 05:31 UTC ([id://1023617])


in reply to Re^7: The most powerful CMS developed in Perl (not spam, sounds that way) (without functions)
in thread The most powerful CMS developed in Perl (not spam, sounds that way)

Re: input length

That says nothing about the Content-Length header. Sure, you could configure your web server to kill the execution of your program after it performs a blocking read for more than 90 seconds, but it wouldn't take much effort at all to DOS your server by sending tiny trivial requests.

Which data loss 'bug' are you referring to?

The one where you lose query parameters.

Parameter separator bug, I presume you are talking about the lack of '=' also setting the value to 1.

Nope. Read the RFCs.

The URI input is parsed using a standard method and is UTF8 compatible

I didn't write "UTF-8". I wrote "encoding". What if, for example, one of your users uses IE on Windows and submits a form with the CP-1252 encoding? Do you know if you handle that correctly? Are you sure that you're decoding characters outside of the ASCII range correctly?

Re^9: The most powerful CMS developed in Perl (not spam, sounds that way) (without functions)
by Anonymous Monk on Mar 25, 2013 at 16:23 UTC
    1. The 'encoding' issue can be knocked on the head. Igaro uses utf8 for everything and submits forms over ajax specifically with utf8 encoding set. Although I haven't tested it in all languages, it certainly works fine in English and Greek.

    2. No query parameters have yet been lost, so please refer me to the specific RFC which states the method of parsing you refer to?

    3. How can the CGI script block read for ninety seconds if you send a tiny trivial request? CGI does not enable content-length by default, and neither does Igaro.
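
The encoding question raised in this thread, as an added example (not code from either poster and not Igaro's code): a form parser that percent-decodes to raw bytes and then decodes strictly as UTF-8, so a CP-1252 submission is reported instead of being silently mangled. The function names, the handling of a parameter without `=` and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(decode);

# Percent-decode one form component into raw bytes ('+' means space).
sub percent_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Parse an application/x-www-form-urlencoded string.
# Returns (\%params, \@rejected). Pairs whose bytes are valid UTF-8 are decoded
# to Perl character strings; any other pair is reported, not guessed at.
sub parse_form {
    my ($raw) = @_;
    my (%params, @rejected);
    for my $pair (split /&/, $raw) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v = '' unless defined $v;    # assumption: a missing '=' means empty value
        my ($kb, $vb) = (percent_decode($k), percent_decode($v));
        my ($key, $val);
        my $ok = eval {
            # 'UTF-8' is Encode's strict decoder; FB_CROAK dies on malformed input.
            $key = decode('UTF-8', $kb, Encode::FB_CROAK | Encode::LEAVE_SRC);
            $val = decode('UTF-8', $vb, Encode::FB_CROAK | Encode::LEAVE_SRC);
            1;
        };
        if ($ok) { push @{ $params{$key} }, $val }
        else     { push @rejected, $pair }
    }
    return (\%params, \@rejected);
}

# Constructed sample inputs: the same word (cafe with e-acute) as a UTF-8
# client and as a CP-1252 client would percent-encode it.
for my $raw ('name=caf%C3%A9&lang=el', 'name=caf%E9&lang=el') {
    my ($params, $rejected) = parse_form($raw);
    printf "%-24s accepted=[%s] rejected=[%s]\n", $raw,
        join(',', sort keys %$params), join(',', @$rejected);
}
```

A rejected pair can be answered with a 400 response or decoded with the charset the client declared; what matters is that the choice is explicit.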
