Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Re: A "newbies" thoughts on cgi.pm...

by grep (Monsignor)
on Apr 07, 2002 at 08:12 UTC ( [id://157245]=note: print w/replies, xml ) Need Help??


in reply to A "newbies" thoughts on cgi.pm...

Well since I just had a huge debate with my boss about reinventing good wheels, I may be a little on edge about this subject so please try not to take this as an attack, it's not.

reinventing good wheels is a waste of time. Why is it a waste of time?:

  • the time of coding (obvious)
  • the time of debugging
  • the time fixing the security holes you have introduced and must fix
  • the time checking to see if any of your previous security holes have been exploited, once found (ala M$)
  • the time to add the functionality of returning an array when when you have multiple values once you find out you need that functionality
  • the time Lincoln Stein (and others) have spent taking suggestions and implementing them
  • the time lost by other contributers who use the good wheel like Ovid and his CGI::Safe
  • Now notice I did not say that CGI.pm is the be all, end all, nor did say improving the wheel was bad (who would want to live in a world with out sporty rims), but rewriting a perfectly good piece of code and in the process introducing security holes (your admission) and broken functionality (another admission) is not only a waste of time, but a sure way to find yourself in a heap of trouble.

    your points (as I see them):

  • Because it did things that i didnt know about - does it do them correctly? Do you have the source code? if the source is to hard to read is there a place to ask about the source?
  • How do i tell what was sent via 'get' and what was sent via 'post'? - $ENV{'REQUEST_METHOD'}
  • i prefer a hash - there are several examples of pushing cgi params into hash available here
  • Yes, using your own solution may be less secure, but you can fix that! - but what if you don't know what to fix? what about your apps before you fix them should they just be insecure when you have a secure alternative?
  • Using functions to output wellformed html - use CGI::Lite
  • provided a valuable learning oppurtunity - what's wrong with reading the source? You can always read the CGI RFC
  • it doesnt go around slurping up stdin when i dont want it to - what case would this matter? you have querystring and you have direct access to the parameter list


  • grep
    grep> cd /pub
    grep> more beer

    Replies are listed 'Best First'.
    Re: Re: A "newbies" thoughts on cgi.pm...
    by tjh (Curate) on Apr 08, 2002 at 16:55 UTC
      In line with grep's comments, I prefer using mature modules because they do things I don't know about, may have forgotten, or didn't know that I didn't know.

      What I don't know can kill me, and what I don't know that I don't know will send me to hell afterwards. :)

      Not that you don't have a right or freedom to reinvent anything you like, it truly is a valuable learning experience - if you learn.

      0.02

    Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Domain Nodelet?
    Node Status?
    node history
    Node Type: note [id://157245]
    help
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this?Last hourOther CB clients
    Other Users?
    Others cooling their heels in the Monastery: (3)
    As of 2025-06-16 23:02 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      No recent polls found

      Notices?
      erzuuliAnonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.