Beefy Boxes and Bandwidth Generously Provided by pair Networks
Just another Perl shrine
 
PerlMonks  

Re: A "newbies" thoughts on cgi.pm...

by grep (Monsignor)
on Apr 07, 2002 at 08:12 UTC ( [id://157245]=note: print w/replies, xml ) Need Help??


in reply to A "newbies" thoughts on cgi.pm...

Well since I just had a huge debate with my boss about reinventing good wheels, I may be a little on edge about this subject so please try not to take this as an attack, it's not.

reinventing good wheels is a waste of time. Why is it a waste of time?:

  • the time of coding (obvious)
  • the time of debugging
  • the time fixing the security holes you have introduced and must fix
  • the time checking to see if any of your previous security holes have been exploited, once found (ala M$)
  • the time to add the functionality of returning an array when when you have multiple values once you find out you need that functionality
  • the time Lincoln Stein (and others) have spent taking suggestions and implementing them
  • the time lost by other contributers who use the good wheel like Ovid and his CGI::Safe

    • Now notice I did not say that CGI.pm is the be all, end all, nor did say improving the wheel was bad (who would want to live in a world with out sporty rims), but rewriting a perfectly good piece of code and in the process introducing security holes (your admission) and broken functionality (another admission) is not only a waste of time, but a sure way to find yourself in a heap of trouble.

    your points (as I see them):

  • Because it did things that i didnt know about - does it do them correctly? Do you have the source code? if the source is to hard to read is there a place to ask about the source?
  • How do i tell what was sent via 'get' and what was sent via 'post'? - $ENV{'REQUEST_METHOD'}
  • i prefer a hash - there are several examples of pushing cgi params into hash available here
  • Yes, using your own solution may be less secure, but you can fix that! - but what if you don't know what to fix? what about your apps before you fix them should they just be insecure when you have a secure alternative?
  • Using functions to output wellformed html - use CGI::Lite
  • provided a valuable learning oppurtunity - what's wrong with reading the source? You can always read the CGI RFC
  • it doesnt go around slurping up stdin when i dont want it to - what case would this matter? you have querystring and you have direct access to the parameter list


    • grep
    grep> cd /pub
    grep> more beer

    Replies are listed 'Best First'.
    Re: Re: A "newbies" thoughts on cgi.pm...
    by tjh (Curate) on Apr 08, 2002 at 16:55 UTC
      In line with grep's comments, I prefer using mature modules because they do things I don't know about, may have forgotten, or didn't know that I didn't know.

      What I don't know can kill me, and what I don't know that I don't know will send me to hell afterwards. :)

      Not that you don't have a right or freedom to reinvent anything you like, it truly is a valuable learning experience - if you learn.

      0.02

    		[reply]
    [d/l]

    In Section Meditations

    Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Domain Nodelet?

    www.com | www.net | www.org
    Node Status?
    node history
    Node Type: note [id://157245]
    help
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this?Last hourOther CB clients
    Other Users?
    Others contemplating the Monastery: (6)
    As of 2024-04-18 17:20 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      No recent polls found