Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

Comment on

( #3333=superdoc: print w/replies, xml ) Need Help??
I have a bone to pick here. This "rant" is not Off-Topic (OT) as stated in the title. It is a mantra more important than use strict!

Perl is probably (and I'm completely guessing here, but I like to think it's an educated guess) the 2nd most likely programming language to be involved in a potential security incident (C being the first, since so many services are written in that-- and I'm trying not to think about Outlook right now). Not because the language Perl itself is weak or rife with holes, but because it is commonly used in situations where there is world-wide exposure for the resulting executable-- CGI scripts on the web. And web programming is deceptively simple seeming. Add a print "content-type: html/text\n\n" to your script and suddenly it's a CGI script.

But the paradigm shift from writing scripts for a trusted client in a secure environment (that is, the user probably doesn't want to trash their own box, so while we might verify their input makes sense we probably won't check it for interesting hacks related to piping dangerous commands to the shell) to writing scripts for a hostile environment is almost never covered well in "Quick Easy Perl Web Mastery" books, because that wouldn't be, well, quick or easy to master.

As long as you have the energy, please never feel it's off-topic or inappropriate to bring up security issues. :)

In reply to (ichimunki) Re: Security Rant by ichimunki
in thread (OT) Security Rant by Ovid

Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?

    What's my password?
    Create A New User
    and all is quiet...

    How do I use this? | Other CB clients
    Other Users?
    Others examining the Monastery: (5)
    As of 2018-05-26 06:41 GMT
    Find Nodes?
      Voting Booth?