Re: A "newbies" thoughts on cgi.pm...

by grep (Monsignor)
on Apr 07, 2002 at 08:12 UTC (#157245)


in reply to A "newbies" thoughts on cgi.pm...

Well, since I just had a huge debate with my boss about reinventing good wheels, I may be a little on edge about this subject, so please try not to take this as an attack; it's not.

Reinventing good wheels is a waste of time. Why is it a waste of time?

  • the time of coding (obvious)
  • the time of debugging
  • the time fixing the security holes you have introduced and must fix
  • the time checking to see if any of your previous security holes have been exploited, once found (ala M$)
  • the time to add the functionality of returning an array when you have multiple values once you find out you need that functionality
  • the time Lincoln Stein (and others) have spent taking suggestions and implementing them
  • the time lost by other contributors who use the good wheel like Ovid and his CGI::Safe

Now notice I did not say that CGI.pm is the be all, end all, nor did I say improving the wheel was bad (who would want to live in a world without sporty rims), but rewriting a perfectly good piece of code and in the process introducing security holes (your admission) and broken functionality (another admission) is not only a waste of time, but a sure way to find yourself in a heap of trouble.

Your points (as I see them):

  • Because it did things that I didn't know about - Does it do them correctly? Do you have the source code? If the source is too hard to read, is there a place to ask about the source?
  • How do I tell what was sent via 'get' and what was sent via 'post'? - $ENV{'REQUEST_METHOD'}
  • I prefer a hash - There are several examples of pushing CGI params into a hash available here
  • Yes, using your own solution may be less secure, but you can fix that! - But what if you don't know what to fix? What about your apps before you fix them? Should they just be insecure when you have a secure alternative?
  • Using functions to output well-formed HTML - use CGI::Lite
  • provided a valuable learning opportunity - What's wrong with reading the source? You can always read the CGI RFC
  • it doesn't go around slurping up stdin when I don't want it to - In what case would this matter? You have querystring and you have direct access to the parameter list


    grep
    grep> cd /pub
    grep> more beer
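
An added example, not code from the thread or from any poster: assuming CGI.pm is installed, this copies the request parameters into a hash while keeping every value of a multi-valued field, and reads the request method, which are the things the reply above says a hand-rolled parser ends up having to add. The query string is constructed sample input and `params_as_hash` is a hypothetical helper name.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Constructed sample request, placed in the environment so the script runs
# from a shell. Under a web server these variables are set for you.
$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING}   = 'name=fred&color=red&color=blue&note=a%26b';

# params_as_hash is a hypothetical helper name, not a CGI.pm function.
# Every value is stored as an array ref, so a field sent more than once
# (color above) keeps all of its values instead of silently losing one.
sub params_as_hash {
    my ($cgi) = @_;
    my %form;
    for my $name ($cgi->param) {          # no arguments: list of field names
        # multi_param is the explicit list-returning call in newer CGI.pm;
        # older releases return the list from param() in list context.
        my @values = $cgi->can('multi_param')
            ? $cgi->multi_param($name)
            : $cgi->param($name);
        $form{$name} = \@values;
    }
    return \%form;
}

my $q    = CGI->new;
my $form = params_as_hash($q);

# request_method() reports the same value as $ENV{'REQUEST_METHOD'}.
printf "method: %s\n", $q->request_method;
for my $name (sort keys %$form) {
    # Values arrive already URL-decoded: note is "a&b", not "a%26b".
    printf "%-5s => [%s]\n", $name, join(', ', @{ $form->{$name} });
}
```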
    Re: Re: A "newbies" thoughts on cgi.pm...
    by tjh (Curate) on Apr 08, 2002 at 16:55 UTC
      In line with grep's comments, I prefer using mature modules because they do things I don't know about, may have forgotten, or didn't know that I didn't know.

      What I don't know can kill me, and what I don't know that I don't know will send me to hell afterwards. :)

      Not that you don't have a right or freedom to reinvent anything you like, it truly is a valuable learning experience - if you learn.

      0.02
