Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Re:Re: Security Rant

by strfry() (Monk)
on Dec 05, 2001 at 04:38 UTC ( #129499=note: print w/replies, xml ) Need Help??

in reply to (ichimunki) Re: Security Rant
in thread (OT) Security Rant

i agree wholeheartedly (especially about it not being off-topic); we've all seen how perfectly capable Perl is as a programming language - and that itself has a few caveats, if a user doesn't know what they're doing when they make their favorite script suid root. While I know this is a very basic example, it still stands that some of us (IMHO all of us) could benefit from more talk of ways to keep Perl scripts and applications secure. As far as I've seen, Perl/Apache (be it mod_perl or vanilla CGI) is the most common CGI language/server combination on the web (well, according to apache - they've got a figure of around 56% floating on their website)

and users would do well to remember what happens when Quick and Easy programs don't stay quick and easy. Sometimes, they'll actually be used by other people, and built upon... maybe even be the basis of more widely used applications. Eventually, with poor design, and a little rum involved, they sometimes grow to be a web-based SNAFU [tm] of incredible size.
(where i work, when we integrate our software with other companies e-commerce solutions, it's frightening how often I see 'unpatched' / formmail.cgi in their cgi-bins!)

in a nutshell, i feel pretty darn lucky to be able to code in something that keeps track of it's own memory, doesn't require me to do type definitions, and gives me simple, intelligent ways to handle text; Perl is great if you're lazy. but it won't keep you from falling on your face if you don't watch where you put your feet.
in a smaller nutshell, use strict;, use warnings;, use the  -T switch, and watch your step. (:


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://129499]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (5)
As of 2018-12-18 21:55 GMT
Find Nodes?
    Voting Booth?
    How many stories does it take before you've heard them all?

    Results (83 votes). Check out past polls.