PerlMonks
Re^2: The most powerful CMS developed in Perl (not spam, sounds that way) (without functions)

by snoopy20 (Novice)
on Feb 04, 2013 at 10:45 UTC (#1016930)


in reply to Re: The most powerful CMS developed in Perl (not spam, sounds that way) (without functions)
in thread The most powerful CMS developed in Perl (not spam, sounds that way)

I think you need to look at it properly.

1. There is no SQL injection, all code is protected. Please supply any example where it is not.

2. CGI is bloated. The internal method is MUCH faster.

3. Don't have enough functions - are you kidding!!! Have you counted the number of functions??? Try /igaro/, /igaro/functions/, /igaro/functions/plugins, etc.

The reason those particular bits you refer to are not functions is that they are not called again by any function. When code is duplicated it becomes a plugin and is stuck in /igaro/. You'll see that there are already many.

4. No strict refs: impossible when using &{$..}, as far as I'm aware.

Regards, Andrew


Re^3: The most powerful CMS developed in Perl (not spam, sounds that way) (without functions)
by Anonymous Monk on Feb 04, 2013 at 10:59 UTC

    There is no SQL injection, all code is protected. Please supply any example where it is not.

    I linked the example. 1) You don't use $dbh->quote, 2) you don't use placeholders, 3) you interpolate variables into $dbh->do.

    2. CGI is bloated. The internal method is MUCH faster.

    *sigh* So you didn't read use CGI or die, congratulations, this is the last time I give you advice :)

    Don't have enough functions ...

    :|

    4. No strict refs impossible when using &{$..} as far as I'm aware.

    Gee, kinda why I said to use pluggable and real actual modules, not .functions.

    Have a nice day
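The three forms the reply contrasts, as an added example in Perl that is not code from the CMS under discussion. It assumes DBD::SQLite is installed and uses an in-memory database; the table, its two rows and the attacker-controlled slug are constructed for the example.

```perl
#!/usr/bin/env perl
# Added example, not the CMS's code. Assumes DBD::SQLite; schema and data are constructed.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1, PrintError => 0 });

# Fresh copy of the constructed table before each variant so the results are comparable.
sub reset_pages {
    $dbh->do('DROP TABLE IF EXISTS pages');
    $dbh->do('CREATE TABLE pages (slug TEXT PRIMARY KEY, body TEXT)');
    $dbh->do(q{INSERT INTO pages (slug, body) VALUES ('home',  'welcome')});
    $dbh->do(q{INSERT INTO pages (slug, body) VALUES ('admin', 'secret')});
}

# 1. Interpolating values into the text handed to $dbh->do: whatever a caller
#    "pre-checked" upstream, the value is now part of the SQL grammar.
sub update_interpolated {
    my ($slug, $body) = @_;
    return $dbh->do("UPDATE pages SET body = '$body' WHERE slug = '$slug'");
}

# 2. $dbh->quote: the driver escapes and quotes the value, so a quote character
#    inside it stays inside the literal. Correct, but it must be remembered at every site.
sub update_quoted {
    my ($slug, $body) = @_;
    return $dbh->do('UPDATE pages SET body = ' . $dbh->quote($body)
                  . ' WHERE slug = '        . $dbh->quote($slug));
}

# 3. Placeholders: the SQL text never contains the value; DBI binds it separately,
#    so there is nothing to escape and nothing to forget.
sub update_placeholder {
    my ($slug, $body) = @_;
    return $dbh->do('UPDATE pages SET body = ? WHERE slug = ?', undef, $body, $slug);
}

# Constructed attacker input: terminates the string literal and widens the WHERE clause.
my $evil_slug = q{home' OR '1'='1};

my %variant = (
    interpolated => \&update_interpolated,
    quoted       => \&update_quoted,
    placeholder  => \&update_placeholder,
);

for my $name (qw(interpolated quoted placeholder)) {
    reset_pages();
    my $affected = $variant{$name}->($evil_slug, 'defaced');
    # What happened to the row the attacker never named?
    my ($admin_body) = $dbh->selectrow_array(
        'SELECT body FROM pages WHERE slug = ?', undef, 'admin');
    printf "%-12s rows affected: %d   admin body: %s\n", $name, $affected, $admin_body;
}

$dbh->disconnect;
```

Running it shows the interpolated variant touching both rows, including the admin row, while the quoted and placeholder variants touch none. Whether a parent module validated the value first does not change the picture: the placeholder form removes the question at every call site, and the prepare it implies can be cached with prepare_cached.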

      Here goes…

      1. $dbh->quote is used all over, but not when it's not required, where the variables have been pre-checked by parent modules. This is faster.

      2. The denial of service you refer to I presume is the overloading of URI data; to be fair, there are much easier ways to create a DoS attack than this. This I think should be left to the web server. Otherwise, you haven't given any credible explanation as to why CGI should be used over the internal method.

      4. Not possible without object orientation. Nothing wrong with &{$_} either.
        The denial of service you refer to I presume is...

        You presume? You said "It already features the best security system of any CMS (I believe this)", and you can only guess as to the bugs in your hand-rolled CGI parser? Did you read any of the relevant RFCs before you wrote that code?
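Point 4 of the exchange, as an added example that is not code from the CMS: what `&{$name}` does under `use strict`, and the two ways the reply's "real actual modules" advice is normally carried out. The handlers, the internal helper and the request values are constructed for the example.

```perl
#!/usr/bin/env perl
# Added example, not the CMS's code: dispatching by name without symbolic references.
use strict;
use warnings;

# Two handlers a request dispatcher might pick between (constructed).
sub show_page  { my ($id) = @_; return "show page $id" }
sub list_pages { return "list pages" }

# Internal helper that must never be reachable from a request (constructed).
sub drop_everything { return "dropped" }

# A. Symbolic call through a string. Under 'use strict' this dies at the call
#    site: Can't use string ("show_page") as a subroutine ref while "strict refs" in use.
sub call_symbolic {
    my ($name, @args) = @_;
    return &{$name}(@args);
}

# B. Dispatch table: code references keyed by the names the author chose to expose.
#    Nothing else in the package is reachable, and strict stays on.
my %dispatch = (
    show => \&show_page,
    list => \&list_pages,
);
sub call_dispatch {
    my ($name, @args) = @_;
    my $handler = $dispatch{$name} or die "unknown action '$name'\n";
    return $handler->(@args);
}

# C. can(): resolves a name against the package symbol table without a symbolic
#    reference, but it reaches every sub in the package, so it still needs a name check.
sub call_can {
    my ($name, @args) = @_;
    my $handler = __PACKAGE__->can($name) or die "unknown action '$name'\n";
    return $handler->(@args);
}

# Constructed request values, including the ones an attacker would try.
for my $action (qw(show_page drop_everything)) {
    my $out = eval { call_symbolic($action, 7) };
    print "symbolic  $action: ", (defined $out ? "$out\n" : "died: $@");
}
for my $action (qw(show list drop_everything)) {
    my $out = eval { call_dispatch($action, 7) };
    print "dispatch  $action: ", (defined $out ? "$out\n" : "died: $@");
}
for my $action (qw(show_page drop_everything)) {
    my $out = eval { call_can($action, 7) };
    print "can       $action: ", (defined $out ? "$out\n" : "died: $@");
}
```

Under strict the symbolic form dies for every name, which is the incompatibility the thread's point 4 describes. The dispatch table is the usual replacement: strict stays on, and the table doubles as the whitelist of actions a request may reach. `can()` also avoids the symbolic reference, but a request naming `drop_everything` gets through it, so it is only as safe as the check in front of it.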

Re^3: The most powerful CMS developed in Perl (not spam, sounds that way) (without functions)
by chromatic (Archbishop) on Feb 04, 2013 at 18:12 UTC
    CGI is bloated. The internal method is MUCH faster.

    Maybe it's faster, but it has at least one denial of service bug and one data loss bug. (I stopped looking after two seconds, so it may have more bugs).

      Not sure what data loss bug you are referring to? Overloading with data will not cause a DoS attack, the web is far too slow for that, and there are no other security issues that will cause a DoS failure that I'm aware of. And not 'Maybe' it's faster - it is faster. ;)

      Please refer to specific lines of code as your comments are at best spurious. I don't mean to sound offensive, but I am unable to relate to the specific issues you are pointing out.

      Regards, Andrew
        there are no other security issues ... that I'm aware of.

        That you are aware of.

        Please refer to specific lines of code as your comments are at best spurious.

        I'm not here to do your homework for you.

        Don't guess as to how you think the web works. Read the relevant RFCs. Read working and tested code if you're determined to do it your own way. Do it right or do it wrong—I don't care—but if you're going to claim that you're doing something better than everyone else, at least do the world the credit of trying to get it right.

        Hi,

        Reading the relevant documentation on CGI.pm shows the two so-called 'DoS attacks' you refer to are disabled by default and left to the web server, as does my own 'cooked CGI'. This is not a bug or security issue. There are no other security bugs and the system is fully protected and tested against SQL injection.

        Should you have any further advice, can you please point out with at least one line of relevant code. If not, I'd appreciate it if you can drop the negativity. I'm here to get it right and will solve any issues that are identified. Any statements are justified.

        If you install the system and get it up and running you will see the hugely powerful security and the differentiation that it can do. I sympathise that installation is not as straightforward as others and documentation is lacking, but again this is powerful software for web developers, not web users.

        Yours, Andrew
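The subthread above argues about a hand-rolled CGI body reader without either side quoting a line, so here is an added example, not code from the CMS or from CGI.pm, of the two checks a practitioner would want in any such reader: refuse on CONTENT_LENGTH before reading a byte, and read exactly CONTENT_LENGTH bytes rather than until EOF. CGI.pm's `$CGI::POST_MAX` plays the first role and does default to -1 (no limit), as the reply says; the cap value, the form bodies and the lying lengths below are constructed for the example, and the web server's STDIN is emulated with in-memory handles.

```perl
#!/usr/bin/env perl
# Added example, not the CMS's or CGI.pm's code. Per RFC 3875 the server passes
# the POST body on STDIN and its size in CONTENT_LENGTH; both are emulated here.
use strict;
use warnings;

use constant POST_MAX => 1024;   # assumed cap for this example; $CGI::POST_MAX plays the same role

# Read the request body, refusing oversized or malformed lengths before reading a byte.
sub read_post_body {
    my ($fh, $content_length, $max) = @_;

    # CONTENT_LENGTH originates from the client; treat it as untrusted input.
    die "411 Length Required\n"
        unless defined $content_length && $content_length =~ /\A[0-9]+\z/;

    # Reject from the header alone: an oversized body is never allocated or read.
    die "413 Request Entity Too Large\n" if $content_length > $max;

    # Read exactly CONTENT_LENGTH bytes. Reading "until EOF" instead would wait on a
    # connection the client keeps open; a short read means the client lied about the size.
    my $body = '';
    while (length($body) < $content_length) {
        my $n = read($fh, $body, $content_length - length($body), length($body));
        die "read error: $!\n" unless defined $n;
        die "400 Bad Request: body shorter than CONTENT_LENGTH\n" if $n == 0;
    }
    return $body;
}

# Minimal application/x-www-form-urlencoded decoder; repeated keys collect into arrays.
sub parse_form {
    my ($body) = @_;
    my %param;
    for my $pair (split /[&;]/, $body) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v = '' unless defined $v;
        for ($k, $v) {
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
        }
        push @{ $param{$k} }, $v;
    }
    return \%param;
}

# Constructed request 1: a normal form post.
my $ok_body = 'title=Hello+World&tags=a&tags=b%26c';
open my $ok_fh, '<', \$ok_body or die $!;
my $params = parse_form(read_post_body($ok_fh, length $ok_body, POST_MAX));
printf "title: %s  tags: %s\n", $params->{title}[0], join('|', @{ $params->{tags} });

# Constructed request 2: a client announcing a 10 MiB body. Rejected on the header alone.
my $empty = '';
open my $big_fh, '<', \$empty or die $!;
eval { read_post_body($big_fh, 10 * 1024 * 1024, POST_MAX) };
print "oversized: $@";

# Constructed request 3: a client announcing 100 bytes but sending 3. A reader that
# trusts the length and keeps waiting is the hang; this one fails on the short read.
my $short_body = 'a=b';
open my $short_fh, '<', \$short_body or die $!;
eval { read_post_body($short_fh, 100, POST_MAX) };
print "truncated: $@";

# Constructed request 4: a CONTENT_LENGTH that is not a number at all.
open my $bad_fh, '<', \$empty or die $!;
eval { read_post_body($bad_fh, '12abc', POST_MAX) };
print "malformed: $@";
```

Two of the four cases are the application's to handle and two are shared with the web server. The size cap and the length validation cost nothing and belong in the reader regardless of what the server does. The short-body case behaves differently in a real deployment: STDIN is a socket, so the read blocks instead of returning zero, and the defence there is a timeout (an `alarm` around the read, or the server's own request timeout), which is the part that genuinely can be left to the server.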
