Agreed, clueless companies sometimes hire clueless people to write code that impacts the bottom line. These people don't do the extensive and continual learning that is required. One senior ASP guy I know is relatively clueful but hates reading (eek!). People base their ideas on the things they can see and security is usually not one of them. This is related to the discussions of insecure cut-and-paste scripts on the net.

I've done code review and evangelism but it doesn't end. Once I was asked to review someone's work for the cross-site scripting vulnerability which is good news, but most people do not understand the concept of building in security from the start, as you probably know.

I've often thought PM should have a well-organized section on security. Something more than the "CGI programming" page. It could include skeleton code, CPAN module reviews, and writeups on the issues and security philosophy. Maybe it could have a security issues checklist for clients to ask programmers to answer.

I think most monks figure out their own security strategies, which is okay, this is Perl, but rolling your own is not a good strategy if you can't write the unit test. So what if each of us has to absorb a hundred megabytes a year just to stay alert. But new programmers? They often don't know anything about engineering or accepted practices. Or, they cross over from their real discipline. There's perlsec but it doesn't cover everything. We should at least point them to a book or something, maybe yours.

If we are trying to increase the number of Perl programmers maybe we should start with security. Something organized would improve security on the web I think. Type "Security" into the search box, you get a good thread but just a short one, you know? Advanced programmers could benefit too. For example, login code for CGI::Application with versions using and not using Apache auth modules, for starters.

What would you say to contributing to such a section?

In reply to Re: •web site design, or lack thereof by mattr
in thread web site design, or lack thereof by merlyn
