Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Re:Re: Security Rant

by strfry() (Monk)
on Dec 05, 2001 at 04:38 UTC ( #129499=note: print w/replies, xml ) Need Help??

in reply to (ichimunki) Re: Security Rant
in thread (OT) Security Rant

i agree wholeheartedly (especially about it not being off-topic); we've all seen how perfectly capable Perl is as a programming language - and that itself has a few caveats, if a user doesn't know what they're doing when they make their favorite script suid root. While I know this is a very basic example, it still stands that some of us (IMHO all of us) could benefit from more talk of ways to keep Perl scripts and applications secure. As far as I've seen, Perl/Apache (be it mod_perl or vanilla CGI) is the most common CGI language/server combination on the web (well, according to apache - they've got a figure of around 56% floating on their website)

and users would do well to remember what happens when Quick and Easy programs don't stay quick and easy. Sometimes, they'll actually be used by other people, and built upon... maybe even be the basis of more widely used applications. Eventually, with poor design, and a little rum involved, they sometimes grow to be a web-based SNAFU [tm] of incredible size.
(where i work, when we integrate our software with other companies e-commerce solutions, it's frightening how often I see 'unpatched' / formmail.cgi in their cgi-bins!)

in a nutshell, i feel pretty darn lucky to be able to code in something that keeps track of it's own memory, doesn't require me to do type definitions, and gives me simple, intelligent ways to handle text; Perl is great if you're lazy. but it won't keep you from falling on your face if you don't watch where you put your feet.
in a smaller nutshell, use strict;, use warnings;, use the  -T switch, and watch your step. (:


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://129499]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (3)
As of 2018-09-26 01:18 GMT
Find Nodes?
    Voting Booth?
    Eventually, "covfefe" will come to mean:

    Results (205 votes). Check out past polls.

    • (Sep 10, 2018 at 22:53 UTC) Welcome new users!