|laziness, impatience, and hubris|
A bio of my Perl life.by SFLEX (Chaplain)
|on Aug 23, 2009 at 11:20 UTC||Need Help??|
As a beginner of Perl coding I started out with open source projects YAWPS and Web-App.org.
Those two projects are where I first started to under stand Perl and web programming with Perl.
As I got more comfortable with my coding skills, I started to test the web portal's security.
A lot of the security holes I came across at first surprised me, because the community (mainly web-app.org) said "Its the most secure web portal out there". These security holes ranged from Buffer over flow, XSS, poison null byte,and form hijacking just to name a few.
Although it was hard for me to relay to the web-app.org community why there should be a change in the way they deal with security and why using strict, warnings and taint was a good show of the community's strength with Perl and there commitment to the project.
I then moved on to my own projects mainly Flex-WPS, but produced SF::SF_form_secure witch was one way to to secure some of the problems the web-app.org framework was having.
SF_form_secure makes a SHA1 "fingerprint" of the URI and checks if it has been tampered with. This was the first module I made to posted on cpan.org.
Out of the many codes I have produced with Perl I would have to say one that has surprised a customer the most, while working with www.wholesaleac.com. Eric's shopping cart was made with ASP. although I don't have any experience with ASP but can read most programming languages and fairly understand what its trying to do. I was brought onto his development team to do graphics, data-entry and some coding if needed. While doing data-entry I noticed most of the product's have the same descriptions but would have to be copied and pasted in different combination's. This gave me an idea to produce a database of all the product descriptions witch then can be displayed in any combination's one would like.
This project took me about a week to produce and was actually fun to make for the most part.
I only charged the customer $500.00 for the end product, fixed and made improvements when needed. While doing graphics and data-entry I was making $15.00 an hour. I told Eric I was good with security and he asked me to find some security issues with his shopping cart. After about a day or two of poking around I found out the shopping cart trusted the HTML form of the product, witch I was able to change the price of the product to any amount. In my eye's it was a very easy hack. So i warned Eric and his other employees to check the price of the product's before processing the order.
As I got more into the way a web framework can work and how they manage the other application within the system I continued on with Flex-WPS (Web Portal System) . Keeping security and performance as the highest priority in the design of the framework. Flex evolved into a Perl OO, mysql and module system. I picked MySQL because most of the shared servers or cheaper servers would have MySQL and its faster then a plain text file.
While sand-boxing the HTML forms I decided to produce a module (this time a Perl OO) that worked with Flex-WPS OO and called it AUBBC (Advanced Universal Bulletin Board Code Tags). With the knowledge of how the other web portals made their "Universal Bulletin Board Tags" combined with how I wanted AUBBC to function. It became a hole new project within itself. Just to name a few features AUBBC uses place holder's to add-in custom tags, has most of the standard tags other web portal's have available, a HTML Perl syntax highlighter, and is for the most part secure with default settings.
A list of programs I have made for Flex-WPS, originally I was going to release the portal for free but got so into improving the framework and design. I decided to keep it proprietary and release some of the other module's I have made for it.
The list of programs:
Forum, Chat w/Bots, Shopping Cart, Order Manager, Simple Wiki, Captcha, Calendar, Contact Form manager, RSS feeds and crawler, Image Gallery, FAQ, HTML Page viewer, Private Messaging System, Perl warnings and strict and die Error log, GD clock, Administration area, along with other common areas like register/login and account editor
Since the design of the portal was constantly changing, the programs I made would have to be re-integrated into the newest system. So I picked a few of the programs that would be vital to the system or what some the customer's would want to use. The Current working program list is:
Perl warnings, strict and die Error log, Private Messaging System, HTML Page viewer, Captcha, RSS feeds and crawler, User Account Edit, Administration area.
Some features to the Administrator area are MySQL table optimizer(this program was a revers engineer of the table optimizer from "phpMyAdmin") , User Groups and Module access management, Portal template/Theme, custom AJAX script manager, Main & User Menu manager, Portal Configuration Editor, Sub(s) Load (this is what I use to plug-in functions throughout the portal before the portal prints the Theme and in the Theme), User access log.
Because of the design of Flex-WPS and how Perl is case sensitive the best operaiting system's to use with it are Linux and Unix. My knowledge of servers is mainly Apache and to me is the best server to use with Perl.
I mainly used open source for customer's web sites in the beginning so I could provide a high-end web page fast and easy. Some of the web site i have worked on are no longer up, changed their design or are using the latest version of Flex-WPS:
www.pacnsend.net (change design)
www.pacnsend.org (dead link)
www.formulafunding.com (dead link)
www.a-zcapitalfunding.com (dead link)
www.vagesknights.com (dead link)
www.futuregps.com (dead link)
www.wholesaleac.com (change design)
www.4trvl.com (uses web-app.org)
www.beyondsocks.com (dead link)
www.autotechgarage.com (uses Flex-WPS)
www.thecreativeanimalrelief.org (uses Flex-WPS)
www.localswapmeet.com (uses Flex-WPS)
For the most part I've been making programs from scratch now, Because I have made so many programs and most of the customers want custom applications to fit there needs. My programming style has become repetitive and I have learned a lot form being a member of PerlMonks.org my member name is SFLEX. I still seek solutions on CPAN and copy or use what code I need at the time and have a very good knowledge of the default module in the Perl distribution.
I know what I can do as a Perl developer and will tell you upfront what I don't understand. When I don't understand what the customer whats I have them explain more of that subject. Where then I can understand their terminology and find a better solution to their needs.
Information is knowledge.