Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

The Dangers of Cutting and Pasting Module Code

by tachyon (Chancellor)
on Aug 02, 2001 at 16:46 UTC ( #101629=monkdiscuss: print w/replies, xml ) Need Help??

At this node Copying complete module code into a script monk Daddio wanted to paste module code into a script. merlyn replied pointing to no excuses about not using This concerns me because at this node A serious security problem with 3.01? it is noted that it seems possible to generate a working with a broken $POST_MAX as this variable is no longer coded in the core code - it is in another module. This opens sites using this to denial of service attacks, and worse the problem appears silent.

With complex modules like 3.0 the core code exists not in one but several interlinked modules. While I am at a loss as to how you can generate the problem described (the fact that there are missing modules should be picked up) I am concerned that cutting and pasting modules may lead to code that works on the surface but has significant security or other issues.




  • Comment on The Dangers of Cutting and Pasting Module Code

Replies are listed 'Best First'.
Re: The Dangers of Cutting and Pasting Module Code
by bikeNomad (Priest) on Aug 02, 2001 at 17:49 UTC
    Barring a design flaw (like the use of a global variable in the CGI module(s) that should never have been visible in the first place), you're ordinarily OK. And Perl has the ability to require at least a particular version (and we recently had a discussion about how to require exactly a particular version) of a module.

    But you can't regard any program as being comprised of just what you wrote. Even if you don't include any modules explicitly, you're still dependent on the language, the way it's been configured and installed, and the rest of the environment. Are you going to guarantee that your program will work in the next version of Perl? You might have faith that it will, but you won't know until you've seen it do so on a variety of systems.

    It's not easy to make a non-trivial program that will work in everybody's system.

Re: The Dangers of Cutting and Pasting Module Code
by Nitsuj (Hermit) on Aug 03, 2001 at 05:27 UTC
    While this is a valid concern, I think that anybody cutting and pasting code should know what that code does, as in read it and understand it prior to cutting and pasting. Anybody who suffers faults from cutting and pasting code at random only suffers because they didn't bother to read that code first. I think that this should serve as a lesson to people who use snippets, that they should read those snippets first.

    Just Another Perl Backpacker

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: monkdiscuss [id://101629]
Approved by root
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (3)
As of 2022-07-05 01:06 GMT
Find Nodes?
    Voting Booth?

    No recent polls found