
Re: •web site design, or lack thereof

by Hero Zzyzzx (Curate)
on Apr 07, 2002 at 15:13 UTC (#157277)

in reply to web site design, or lack thereof

One more clue, or lack thereof story. I stumbled upon this from some consulting/integration work I'm doing for a client.

My client outsources a major application from a company. The company provides an XML based API to do various management functions. You pass commands in a simple XML format via POST'ed forms.

Here's where the strangeness starts- You have to pass the admin username/password to access the management features, obviously.

Well, one of the ways they advocate interfacing with their API is to send an HTML page back to the client (the person at the web browser, in this case) with the form and data you want to POST (yes, with the admin username/password in it). The page has a JavaScript "onLoad()" handler that submits the form back into the API. This made my hair stand on end: this page with the admin info will be stored in the cache, and what if a user has JavaScript turned off (like if they were trying to hack the outsourced application)? I hope no one actually implements this, but I feel for people using languages without LWP, this would probably be the only easy way to do it.

I'm doing all the API work server-side with LWP::UserAgent because there's NO WAY IN HELL that I would send the admin username/password to the client. What the hell are they thinking? This app stores personal info about people (potentially CC numbers too). I pointed this out to them, and they said "We'll look into this. . ." I plan on following up with them soon, because I just can't let this one slip.

The outsourced app is actually pretty amazing, feature/function-wise; it just seems like there is a disconnect somewhere along the way.

-Any sufficiently advanced technology is
indistinguishable from doubletalk.
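
Added example, not part of the original post and not the vendor's code: a sketch of the server-side approach the post describes, where LWP::UserAgent posts the XML command so the admin credentials never appear in any page sent to the browser. The endpoint URL, form field name, XML element names, command names and environment variable names are all hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;

# Assumptions (hypothetical, not the vendor's real API): the endpoint URL,
# the form field name "xml", the XML element names and the command names.
my $API_URL = 'https://api.vendor.example/manage';
my %ALLOWED = map { $_ => 1 } qw(get_status list_accounts);

# Escape the five XML special characters so request data cannot alter the command.
sub xml_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&apos;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Build the command document; the credentials are added here, on the server.
sub build_command {
    my ($cmd, $arg, $user, $pass) = @_;
    die "command not allowed: $cmd\n" unless $ALLOWED{$cmd};
    return sprintf '<request><auth user="%s" pass="%s"/><command name="%s">%s</command></request>',
        map { xml_escape($_) } $user, $pass, $cmd, $arg;
}

# POST the command from the server and return only the API's response body.
sub call_api {
    my ($cmd, $arg) = @_;
    # Credentials come from the server's environment, never from the request.
    my $user = $ENV{VENDOR_ADMIN_USER} // die "VENDOR_ADMIN_USER not set\n";
    my $pass = $ENV{VENDOR_ADMIN_PASS} // die "VENDOR_ADMIN_PASS not set\n";
    my $ua  = LWP::UserAgent->new(timeout => 15);
    my $res = $ua->post($API_URL, { xml => build_command($cmd, $arg, $user, $pass) });
    die 'API call failed: ' . $res->status_line . "\n" unless $res->is_success;
    return $res->decoded_content;
}

# When run directly: the caller supplies only a command name and an argument.
unless (caller) {
    my ($cmd, $arg) = @ARGV;
    print call_api($cmd // 'get_status', $arg // ''), "\n";
}
```

The browser only ever chooses from the allow-listed command names; the request that carries the admin username and password is made between the two servers.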
