 
PerlMonks  

Re^3: My promiscous singleton

by afoken (Canon)
on Dec 30, 2019 at 09:32 UTC


in reply to Re^2: My promiscous singleton
in thread My promiscous singleton

Because it is a secure environment and I may not use any non core modules, other than those I write...

Who came up with that nonsense idea? What makes core modules so special that they are suitable for a "secure" environment, but other modules from CPAN aren't? And what about those "insecure" CPAN modules that become core modules during the development of Perl? How do they suddenly become "secure"? Is the entire Perl source code subject to a code review?

Or is "security" once more a lame excuse not to use CPAN? See also Re^4: CSV file with double quotes and NIH syndrome.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Replies are listed 'Best First'.
Re^4: My promiscous singleton
by Random_Walk (Prior) on Dec 31, 2019 at 09:41 UTC

    I think they consider Perl core to be well enough tested and reviewed by its widespread usage. The security team follow CVE closely, and if any significant new vulnerability is found, patching it is highest priority work (for all software we use). Other random modules from CPAN are an unknown and would need to be reviewed in depth. I realise I am more likely to introduce a novel bug re-creating wheels, but it has the advantage of not being deployed outside this organisation, so less likely to be found and exploited. Another site I have worked at even removed most of the core modules. If you wanted one you needed a good reason and a review before it could be used. This sort of approach is common in banks (at least in Europe) with regular audits and a high chance you get your marching orders if you use any non-approved software. Any novel software does get a lengthy review including penetration testing, design reviews etc... It's possible, but for something small like this it is quicker to write a new solution in house.

    Cheers,
    R.

    Pereant, qui ante nos nostra dixerunt!
