Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Re: How to answer "Perl is not secure" objections?

by perrin (Chancellor)
on Sep 06, 2007 at 18:52 UTC ( #637506=note: print w/replies, xml ) Need Help??

in reply to How to answer "Perl is not secure" objections?

Is he a Java guy? If so, he's probably thinking of how Java can prevent programs from accessing certain things (e.g. the filesystem). However, since any non-trivial Java program needs to access the filesystem, this type of permission will be granted immediately. It's more relevant for things like applets than it is for programs you would write in-house.

In terms of things to read, here are three good ones:

The most important point to make, IMO, is that security is a feature of programmers and their process, not of languages. There is no reason to think that a .NET or Java program that accessed a database and some files is more secure than a Perl program that does the same.

  • Comment on Re: How to answer "Perl is not secure" objections?

Replies are listed 'Best First'.
Re^2: How to answer "Perl is not secure" objections?
by radiantmatrix (Parson) on Sep 06, 2007 at 21:03 UTC

    Is he a Java guy?

    No, he's upper management. We're beyond the pale of tech-savvy at this point. The guy believes this because someone he trusts (probably a vendor) told him so. What I'm looking for is essentially literature that talks about how secure Perl is, or speaks to other big-name orgs using Perl for "high-risk" data like financial transactions. Something digestible for the upper-manglement set.

    Ramblings and references
    The Code that can be seen is not the true Code
    I haven't found a problem yet that can't be solved by a well-placed trebuchet
      Well, and run millions of dollars of business through their websites, which are written in perl. That seems like a pretty solid case to me.
      As was told during the latest YAPC::EU job fair, VERISIGN uses Perl!

      If I remember well, they have about a million lines of Perl code in their applications and they are still actively seeking Perl programmers (see Perl Jobs).

      If Perl was inherently insecure, should a company like Verisign use it?


      A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://637506]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (1)
As of 2018-04-22 00:45 GMT
Find Nodes?
    Voting Booth?