PerlMonks  
I'm completely stunned that you'd suggest not using regexes for parsing

Did you read the article? If not, please take the time to scan it (search for "s/" to get to the relevant sections) and perhaps you'll see why this method (ord() and unpack()) seemed appealing. The way the interpolation that regexes do can be exploited to bypass even the most sophisticated set of multiple passes with regex to sanitise a user supplied path is simply scary.

Peer review and a huge number of test cases, especially those culled from real-world experience

Exactly why I was suggesting development of such code here! There are very few huge corporations and many millions of small companies in the world. The big ones have the budgets for such in-depth, in-house development, review and expertise. The rest have often one or two developers who are responsible for developing and maintaining the code. No possibility of enlisting more than their own expertise in reviewing their own work. And whilst when the big ones make mistakes, they have the funds to correct them. When the small ones make mistakes, the financial costs of correction are often too much for their small net worths to bear and they go under, taking the jobs they provided with them. Permanently.

Expertise takes either time or money. Those that have invested the time, charge substantially to hire that expertise to others. The big guys have the money to grow that expertise internally or buy it externally. They are still making mistakes. The small guy has neither choice.

I don't understand why the idea of utilising the collective resources of PM to address and simplify the process of handling security--the one thing that (as I have seen all over PM) is at the top of almost every single IT expert's, of any flavour, list of major priorities--is so shocking?

BrowserUK (mistakenly posted anonymously)

Added attribution - dvergin 2002-06-28
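An added example (not from this thread or the article it discusses) of the byte-by-byte allowlist check the post refers to, written in Perl with unpack() and ord() instead of a chain of s/// substitutions; the permitted character set and the length limit are assumptions:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example: allowlist validation of a user-supplied filename, one byte at
# a time via unpack() and ord(), rather than successive s/// passes.
# Assumptions: only [A-Za-z0-9._-] is acceptable and names are at most 64 bytes.
# Returns the accepted name, or undef if any byte falls outside the allowlist.
sub validate_filename {
    my ($input) = @_;
    return undef unless defined $input && length $input;
    return undef if length $input > 64;

    my $clean = '';
    for my $b ( unpack 'C*', $input ) {      # one integer per byte; nothing is interpolated
        my $ok = ( $b >= ord('a') && $b <= ord('z') )
              || ( $b >= ord('A') && $b <= ord('Z') )
              || ( $b >= ord('0') && $b <= ord('9') )
              || $b == ord('.') || $b == ord('_') || $b == ord('-');
        return undef unless $ok;             # NUL, '/', '\\', ';', high bytes all end here
        $clean .= chr $b;
    }
    # a name made only of dots ('.', '..') is still a path component; refuse it
    return undef unless $clean =~ tr/.//c;   # count of non-dot bytes must be > 0
    return $clean;
}

# Caveat: under -T this validates the bytes but does not clear the taint flag;
# Perl only untaints through a regex capture (or a hash key), so finish with
#   ($clean) = $clean =~ /\A(.*)\z/;
# after the allowlist check has already rejected everything unwanted.

# Constructed sample inputs: the first is accepted, the rest are rejected.
for my $name ( 'report-2002.txt', '../etc/passwd', "file\0.txt", 'a;b', '..' ) {
    my $shown = $name;
    $shown =~ s/\0/\\0/g;                    # make the NUL visible when printing
    my $out = validate_filename($name);
    printf "%-16s => %s\n", $shown, defined $out ? "ok: $out" : 'rejected';
}
```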


In reply to Re: Re: Untainting safely. (b0iler proofing?) by Anonymous Monk
in thread Untainting safely. (b0iler proofing?) by BrowserUk
