Seeking wisdom and critique advice

by synapse0 (Pilgrim)
on Jul 27, 2001

synapse0 has asked for the wisdom of the Perl Monks concerning the following question:

Hello all..
Well, first off, I feel like a newbie asking a question like this.. but I just need to know.
I don't mean to bring down a swath of "can you critique this for me" type of posts, but basically here's my deal:
I wrote an image gallery script when my son was born, and figured it would be a decent practice in learning software devel. So I cleaned it up, wrote some documentation and started distributing it. Around the time I started, another gallery script came out that I took a look at, and it was riddled with security problems.. Now, the writer of the other script was obviously oblivious to various security issues, and I've done some reading up on the subject so from the start I was able to avoid a number of the pitfalls, but it still made me wonder. I can only see my script from my point of view. I don't personally know any other coders, and I don't code professionally (yet, I'm workin on that one), so I really have a crippled perspective on my coding level. I'm competent, I don't have doubts of that. But I also seek feedback on whether or not I'm introducing bad things out there. The main reason for my caution is the sheer amount of downloads of my script, which has run over 100 per month, far more than I had thought would happen.
So basically, my question comes down to this: Are there suggestions for a place to go (besides begging on a site like this) and increasing the noise level, where I or others in similar situations can ask for feedback from other competent Perl coders? Anyone know of a place where mutual script/cgi (500+ lines of code) critiquing happens? Is the script archive here a good place for that?
And if there isn't something like that out there already, anyone interested in the creation of such a place?
Bah, I hate being out of the loop, but I'm in the dark.. Advice and wisdom very much appreciated..

Re: Seeking wisdom and critique advice
by arhuman (Vicar) on Jul 27, 2001 at 18:07 UTC
    First you need to be 'security aware*' which seems to be the case for you.
    Then use the community experience
    (Super Search will teach you to: use strict, learn taint checking, not store plaintext passwords...)
    or security sites (SecurityFocus for example) archives/mailing lists

    Then perldoc perlsec is a must read...

    Eventually, I suppose peer review is the best way...
    (How do you call it ? Open source ? ;-)
    The monastery, CPAN or any scripts archive site is ok for such review as long
    as you label your work as alpha and ask for feedback

    * I put this in bold for all the French Jean-Claude Van Damme fans ;-)

    "Only Bad Coders Code Badly In Perl" (OBC2BIP)

Re: Seeking wisdom and critique advice
by andye (Curate) on Jul 27, 2001 at 18:56 UTC

    I for one wouldn't object at all if you put it here, I find it a useful learning exercise.

    Also, since the friendly is making an effort to provide substitute scripts for those popular yet insecure ones from Matt's Script Archive, they might well be willing to give you some pointers. davorg is head honcho, and you can join their (high traffic) mailing list here.


