zdog: I have to disagree with your assessment on this one. Different people have different styles of communication and learning and merlyn's style is simply one of many. In this case, his title was "Web Security" and here's what I consider to be the truly relevant paragraph:

In other words, not only was unchecked data from a form field (presumably from a pop-up menu or radio button) being used directly in an eval, but quite helpfully, the syntax errors were being sent back to the browser to help you refine your breakin! (And I looked hard for some sort of screening or vetting of the $p_type value, and there was none.)

In short, merlyn presented some poor Perl code and explained to us exactly why it's a problem. That seems, in my mind, to be a reasonable meditation. Of course, he didn't go step by step through various ways we might exploit this, but there's a certain level of minimum knowledge assumed on the part of the reader. Myself, I like to assume little on the part of the reader so I tend to explain things more in depth (like now), whereas merlyn appears to assume a more knowledgeable audience. Thus, he is often accused of being arrogant or rude and I'm accused of pandering. No matter how one approaches things, some people will be put off :)

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

merlyn says:

Is there really that lack of clues out there? I don't know whether to be more scared or saddened.

Ovid says:

there's a certain level of minimum knowledge assumed on the part of the reader.

Anyone see where I'm going with this?

The people merlyn is criticizing for bad security practices aren't going to be helped much by this post. These posts always remind me of the "Perl is Good, Praise Perl" posts that come up on this site. They're preaching to the converted. If you want to help solve the problem, you're going to have to explain things in terms those who you're criticizing can understand.

That said, merlyn's post is not without some value and I don't feel it calls for a downvote, I might even upvote it if he took that dot out of the title ;-).

One might say that a true monk's meditations will always constitute preaching to the converted. Preaching to the heathens is done in SoPW. Sometimes we must simply say what is true without worrying about whether it will save the sinners.

-sam

from dictionary.com:
meditation \Med`i*ta"tion\, n. [OE. meditacioun, F. m['e]ditation, fr. L. meditatio.] 1. The act of meditating; close or continued thought; the turning or revolving of a subject in the mind; serious contemplation; reflection; musing.

The purpose of a meditation isn't to give you the answers rather to inspire you to contemplate the topic.

The less said by every-one about voting and experience the better IMO.

--
my $chainsaw = 'Perl';