When it comes to security, it does not pay to reinvent the wheel.
From the FAQ:
But there are perfectly good programs already out there, why bother?
Actually, there aren't really.
Most CGI programs that are available for free download really aren't very good at all. Most of them seem to be written by people with very little knowledge of Perl.
Many of the developers on nms have been very active in the Perl community for years. They know Perl and CGI programming very well.
The problems with most other CGI programs, fall into three categories:
The programs are insecure. Putting a CGI program on your web site is very risky. It means that you are allowing anyone to run a program on your web server. Unless these programs have been written very carefully, you may be allowing unscrupulous people (known as crackers) to gain access to more information than you intend. Eventually the crackers may be able to take control of your web server.
Perl makes it very easy to write secure programs. Unfortunately, most CGI program authors don't seem to know this.
The programs are buggy. Many of the other programs have had no kind of code review. This means that they often still have bugs in which can cause problems on your web site. You may be the first person to discover this bug. The support you get from the authors of these programs can be very patchy. I have never received a reply from Matt Wright when I've reported a bug in his scripts.
The nms project has a large number of developers, therefore each line of code has been seen by many people. The chances of bugs is much reduced. Additionally, we have a dedicated mailing list to deal with support issues.
The programs are badly written. Whilst many people simply install these programs and never look at the code, others will read CGI program code as a way to learn to write their own CGI programs. We therefore feel it is important that our scripts reflect the best Perl coding practices. Others don't share our views and many people have learned very bad coding habits from reading Matt Wright's code.
-
Are you posting in the right place? Check out Where do I post X? to know for sure.
-
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
<u> <ul>
-
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
intervention).
-
Want more info? How to link
or How to display code and escape characters
are good places to start.
|