Re: Procedure for finding/searching for existing code
by Fastolfe (Vicar) on Jan 14, 2001 at 21:00 UTC
|
I tend to be very wary of using code from script sites that are not at least in some way intertwined with CPAN, such as this site. Without a peer review process, it's all too common to see "cargo-cult programming" hard at work on these freebie sites, and security vulnerabilities abound.
Perhaps this is an over-generalization, but I've seen one too many a security note come across Bugtraq about a script that's been made available on one of these freebie Perl archives. Generally on CPAN, and on sites where code can be reviewed like this one, major problems are caught beforehand.
Note that this also extends to Perl code purchased from an outside vendor. I have dealt with only 3 or 4 major Perl packages acquired in this manner, but they ALL had SERIOUS security problems, which I was thankfully able to patch up, but in all cases it was clear that the developer knew little about the science of programming. Finding a good Perl developer is a very hard thing to do. That is a major reason why Perl is not an officially supported language in my company. :) | [reply] |
|
Well, this site or any other that has a good solid peer review process. I'd mention SourceForge, but unless someone knows about a project there and takes an active interest in it, nobody's going to see it, whereas here, each post is considered a learning exercise, so you have a ton of people who are willing to look at it, some to teach, others to learn themselves.
I'm afraid I don't know of many other sites like that, and to be honest, when in doubt, I ask for the advice of some of the people here, and am never sorry.
But yeah, if you're using something to put out onto a production server, and you're not familiar enough with Perl to be able to audit it not only for suitability to your task, but for security and efficiency, you probably want to run it by somebody that is that familiar with Perl. Generally most everything you see on CPAN and PM especially has already been through that process.
| [reply] |
|
Yes, I agree totally with Fastolfe. I've seen all too many Perl scripts that have been made by freebies that have nasty security holes in them. For example, I one day came across a script (newsdesk) that read from a flatfile database and outputted some nicely formatted news list. This is all nice, but the script allows the user to read any file on the system, and even run commands (by adding a | at the end). This kind of thing would not be too hard to notice if you just know a bit of Perl. But I've seen some sites (too many) actually using this script.
// Martin A
| [reply] |
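The failure mode described in the post above, as an added example that is not part of the original thread and is not the newsdesk script's code: Perl's two-argument open() takes its mode from the string it is given, so a user-supplied name can turn a file read into something else, while an allowlist check plus three-argument open() keeps the name a name. The directory, function names and file-name pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Hypothetical data directory (assumption for this example).
my $NEWS_DIR = '/var/www/data/news';

# Risky pattern, defined for comparison and never called here:
# two-argument open() takes the mode from the string itself, so
# "<", ">" and "|" in a user-supplied name change what open() does.
sub read_news_unsafe {
    my ($name) = @_;
    open(my $fh, "$NEWS_DIR/$name") or return;
    local $/;
    return scalar <$fh>;
}

# Hardened step 1: accept only a plain file name matching an allowlist.
# \A and \z anchor the whole string, so a trailing newline is rejected too.
sub safe_news_path {
    my ($name) = @_;
    return unless defined $name;
    return unless $name =~ /\A([A-Za-z0-9_-]{1,64}\.txt)\z/;
    return File::Spec->catfile($NEWS_DIR, $1);
}

# Hardened step 2: three-argument open() with an explicit read mode,
# so the path is only ever treated as a file name.
sub read_news {
    my ($name) = @_;
    my $path = safe_news_path($name) or return;
    open(my $fh, '<', $path) or return;
    local $/;    # slurp the whole file
    my $text = <$fh>;
    close $fh;
    return $text;
}

# Constructed sample inputs: one well-formed name, three that must be rejected.
for my $name ('2001-01-14.txt', '../../etc/passwd', 'news.txt|', "a.txt\n") {
    my $path = safe_news_path($name);
    (my $shown = $name) =~ s/\n/\\n/g;
    printf "%-20s %s\n", $shown, defined $path ? "accepted: $path" : 'rejected';
}
```

When auditing a downloaded script, any open() call with two arguments and a variable in the second one is the line to look at first.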
Re: Procedure for finding/searching for existing code
by OeufMayo (Curate) on Jan 14, 2001 at 20:16 UTC
|
As far as I'm concerned, my "procedure" is a two-step one:
- Look in perlmonks if I can find some advice about the piece of code I'm looking for, which step can be split into:
  - Try the perlmonks Search
  - Ask in the CB
  - Post in Seeker of Perl Wisdom
- Look in CPAN if there's a module which can be used for the task I'm doing
I would only use Sourceforge to look for complete code, and I've never used freeperlcode.com nor cgi-resources.com, so I guess that your mileage may vary...
--
PerlMonger::Paris(http => 'paris.pm.org');
| [reply] |
Re: Procedure for finding/searching for existing code
by moen (Hermit) on Jan 14, 2001 at 20:52 UTC
|
You may consider buying The Perl Cookbook.
Lots of nice snippets there for you to use and learn from. | [reply] |
Re: Procedure for finding/searching for existing code
by $code or die (Deacon) on Jan 15, 2001 at 10:11 UTC
|
I first got into Perl as a result of sites like cgi-resources.com. When I checked that site recently, I found a bunch of scripts using hand-rolled CGI solutions for getting form input. This is generally considered to be a bad thing.
However, it was definitely a learning experience and I made lots of effort to work out what the scripts were doing before I used/modified them, so that later I could build a completely new program out of old ones. Then I found that I didn't need to use the old ones any more.
My advice would be to carry on with what you're doing, but try and learn more along the way.
I'm afraid that the good content on the internet is rarely ALL in one place. <Except from here of course =) > And that is probably a good thing. Stick at it, ask for help here when you're stuck and pretty soon you won't need to rely on external resources so much.
$code or die
Using perl at
The Spiders Web | [reply] |