PerlMonks
I have a bone to pick here. This "rant" is not Off-Topic (OT) as stated in the title. It is a mantra more important than use strict!
Perl is probably (and I'm completely guessing here, but I like to think it's an educated guess) the 2nd most likely programming language to be involved in a potential security incident (C being the first, since so many services are written in that-- and I'm trying not to think about Outlook right now). Not because the language Perl itself is weak or rife with holes, but because it is commonly used in situations where there is world-wide exposure for the resulting executable-- CGI scripts on the web. And web programming is deceptively simple seeming. Add a print "content-type: html/text\n\n" to your script and suddenly it's a CGI script. But the paradigm shift from writing scripts for a trusted client in a secure environment (that is, the user probably doesn't want to trash their own box, so while we might verify their input makes sense we probably won't check it for interesting hacks related to piping dangerous commands to the shell) to writing scripts for a hostile environment is almost never covered well in "Quick Easy Perl Web Mastery" books, because that wouldn't be, well, quick or easy to master. As long as you have the energy, please never feel it's off-topic or inappropriate to bring up security issues. :) In reply to (ichimunki) Re: Security Rant
by ichimunki
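As an added example (not part of ichimunki's post or any PerlMonks code), here is what the shift to a hostile client looks like in a hypothetical Perl CGI handler: taint mode, whitelist untainting through a regex capture, and the list form of open so that no shell ever sees the input. The `file` parameter, the sample query string and the `wc` call are constructed for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Hypothetical CGI handler. Under -T (taint mode) every value that arrives
# from QUERY_STRING, STDIN or %ENV is tainted, and perl dies rather than
# pass tainted data to the shell, open() or exec. Only a regex capture can
# clear the taint flag, so input validation stops being optional.

# Sanitise the shell-related environment before any external command.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Minimal query-string parser (no CGI.pm dependency).
sub parse_query {
    my ($qs) = @_;
    my %p;
    for my $pair (split /&/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k;
        for ($k, $v) {
            next unless defined;
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
        }
        $p{$k} = $v // '';
    }
    return \%p;
}

# Whitelist validation: the capture is the only thing that untaints, so the
# returned value is exactly what the pattern allows (no '/', no ';', no '|').
sub untaint_filename {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Constructed sample request: one plain name, one carrying a shell metachar.
my $qs = $ENV{QUERY_STRING} // 'file=notes.txt&other=notes.txt%3B%20ls';
my $params = parse_query($qs);

print "Content-type: text/plain\n\n";
for my $key (qw(file other)) {
    my $name = untaint_filename($params->{$key});
    if (!defined $name) { print "$key: rejected (not a plain filename)\n"; next }
    # Never: open(my $fh, "wc -l $name |") -- that string is handed to /bin/sh.
    # The list form goes straight to execve, so no shell interprets $name.
    open(my $fh, '-|', 'wc', '-l', '--', $name)
        or do { print "$key: cannot run wc: $!\n"; next };
    my $out = <$fh> // '';
    close $fh;
    print "$key: ", ($out =~ /^\s*(\d+)/ ? "$1 lines in $name" : "no such file $name"), "\n";
}
```

Run it with `perl -T script.pl` (the -T on the shebang is honoured only when perl is started with the same flag); the second parameter is rejected before anything is executed, and the first reaches wc without a shell in between.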