Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

Re^2: My promiscous singleton

by Random_Walk (Prior)
on Dec 29, 2019 at 23:40 UTC ( #11110743=note: print w/replies, xml ) Need Help??

in reply to Re: My promiscous singleton
in thread My promiscous singleton

Because it is a secure environment and I may not use any non core modules, other than those I write...

I know, I know, but sometimes it's not worth the fight. And believe me it would take months, if not years/for ever to get sign off. But thanks for the common sense answer


Pereant, qui ante nos nostra dixerunt!

Replies are listed 'Best First'.
Re^3: My promiscous singleton
by afoken (Canon) on Dec 30, 2019 at 09:32 UTC
    Because it is a secure environment and I may not use any non core modules, other than those I write...

    Who came up with that nonsense idea? What makes core modules so special that they are suitable for a "secure" environment, but other modules from CPAN aren't? And what about that "insecure" CPAN modules that become core modules during the development of Perl? How do they suddenly become "secure"? Is the entire Perl source code subject to a code review?

    Or is "security" once more a lame excuse not to use CPAN? See also Re^4: CSV file with double quotes and NIH syndrome.


    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

      I think they consider Perl core to be well enough tested and reviewed by its widespread usage. The security team follow CVE closely and if any significant new vulnerability is found patching it is highest priority work (For all software we use). Other random modules from CPAN are an unknown and would need to be reviewed in depth. I realise I am more likely to introduce a novel bug re-creating wheels, but it has the advantage of not being deployed outside this organisation, so less likely to be found and exploited. Another site I have worked even removed most of the core modules. If you wanted one you needed a good reason and a review before it could be used. This sort of approach is common in banks (at least in Europe) with regular audits and a high chance you get your marching orders if you use any non-approved software. Any novel software does get a lengthy review including penetration testing, design reviews etc... Its possible but for something small like this quicker to write a new solution in house.


      Pereant, qui ante nos nostra dixerunt!

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://11110743]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (2)
As of 2021-04-18 17:53 GMT
Find Nodes?
    Voting Booth?

    No recent polls found