
Good Coding?

by nlafferty (Scribe)
on Jan 23, 2002 at 22:15 UTC ( #140964=perlquestion )

nlafferty has asked for the wisdom of the Perl Monks concerning the following question:

I have a question that will help me and perhaps others. When you write a CGI script, you include -w and use strict;. The code works fine, but how do I find bugs that might not appear until down the road? Or an exploit of some sort that a malicious person could take advantage of?

Of course, use taint; would help. But I'm talking perfect code (as far as we know). What are some common mistakes in CGI scripts that could "break"? More specifically, in my case a program of multiple scripts that use an SQL database for storing form data. Thanks.

Replies are listed 'Best First'.
Re: Good Coding?
by BazB (Priest) on Jan 23, 2002 at 22:41 UTC

    To keep chromatic happy: test, test, test.

    Give the code to your peers to review the code, do some QA testing.

    After that, give it to a group of users that have no idea what the script is supposed to do - monitor how they're using the script - users have this annoying habit of breaking a piece of code you previously thought was near perfect.

    Modularise the code as much as possible and test each piece separately and as a unit.

    Use CPAN modules for common tasks - they've been well tested and proven in real life, that hand-rolled parser (or whatever) hasn't.

    I've already got several nodes on this topic listed on my homenode, but I'll reproduce them here:

    Use Super search - I'm sure there are many more nodes on the subject.

    Test, test, test.

Re: Good Coding?
by mkmcconn (Chaplain) on Jan 23, 2002 at 22:32 UTC

    What are some common mistakes in CGI scripts that could "break" -- nlafferty

    I should probably let Ovid tell you, but I think that a good answer to your question is at Ovid's CGI course.

Re: Good Coding?
by hakkr (Chaplain) on Jan 23, 2002 at 22:46 UTC

    Once you've eliminated most of your bugs it's generally the environment that can cause the most trouble. Here's some off me head I've encountered during my daily grind.

    If MySQL is down your DBI connection will break your script.
    •Use an eval or try/catch when executing

    File locking can cause problems
    •use file control

    Badly set up Apache/MySQL
    •Ensure Apache timeouts, max number of children etc. are ok

    System calls have the potential to break your script. Forking off multiple processes can help, when they fail your main process carries on.

    Calls to various modules may also cause your script to break

    Users can also cause bother with
    Back Buttons
    •use http headers to prevent caching

    Proxy Servers
    •Can interfere with authentication and sessions

    Turned off features, Old Browsers and Apple Macs
    • Cookies turned off unsupported etc
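
Added example, not part of hakkr's post or of the thread: a small Perl CGI handler showing three of the mitigations listed above (an eval around the DBI calls, flock from Fcntl for a log file shared between processes, and response headers that prevent caching). The DSN, credentials, table name and log path are constructed placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use Fcntl qw(:flock);

# Constructed placeholders: adjust DSN, credentials, table and log path.
my $DSN = 'DBI:mysql:database=forms;host=127.0.0.1';
my $LOG = '/tmp/form_errors.log';

# Append one line to a log that several CGI processes may write at once.
sub log_line {
    my ($msg) = @_;
    open(my $fh, '>>', $LOG) or return 0;
    flock($fh, LOCK_EX)      or return 0;   # wait until other writers finish
    print {$fh} scalar(localtime), " $msg\n";
    close($fh);                             # closing the handle releases the lock
    return 1;
}

# Returns (1, undef) on success, (0, reason) if the database is unavailable.
sub store_form {
    my ($name, $comment) = @_;
    my $ok = eval {
        # RaiseError turns every DBI failure into die(), which eval catches.
        my $dbh = DBI->connect($DSN, 'webuser', 'placeholder',
            { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
        # Placeholders keep the form values out of the SQL text.
        $dbh->do('INSERT INTO submissions (name, comment) VALUES (?, ?)',
                 undef, $name, $comment);
        $dbh->disconnect;
        1;
    };
    return $ok ? (1, undef) : (0, $@ || 'unknown DBI error');
}

my ($stored, $err) = store_form('constructed name', 'constructed comment');
log_line("store_form failed: $err") unless $stored;

# The script keeps running when the database is down and answers with a 503.
# The cache headers stop browsers and proxies replaying the page on "Back".
print "Status: ", ($stored ? "200 OK" : "503 Service Unavailable"), "\r\n";
print "Cache-Control: no-store, no-cache, must-revalidate\r\n";
print "Pragma: no-cache\r\n";
print "Expires: 0\r\n";
print "Content-Type: text/plain\r\n\r\n";
print $stored ? "Saved.\n"
              : "The database is unavailable, please try again later.\n";
```

The detailed DBI error goes only to the log file; the visitor sees a generic message, so connection details are not disclosed in the response.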

Re: Good Coding?
by nlafferty (Scribe) on Jan 23, 2002 at 23:37 UTC
    Thanks for the help, everyone. This has been a terrific help. The tutorial by Ovid is great and a lot of help. I have been programming in perl for months now and this tutorial gives a good explanation of things that I failed to understand before. Peace be with all of you!
