Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

(zdog) Re: Web Security

by zdog (Priest)
on Jun 22, 2002 at 18:15 UTC ( #176503=note: print w/replies, xml ) Need Help??

in reply to Web Security

In the chatterbox, you said, "Oh cool, the vote bots are at it again." I went to check out the post and yes, I downvoted it, too. Why? Because I didn't think it was that great of a post. Granted, you presented a couple of possible security problems that people may want to look out for when they are coding. But did you provide any solutions? No. Instead, you directed your focus away from Perl and talked mostly about the fact that some people write bad code. That's not really a big revelation. And you just had to go further and mock the author. Sometimes even the best of them deserve -- votes and you shouldn't be so quick to assume that votebots are to blame.

Also, I don't think that you have a right to complain about votebots. This post, with seemingly very little quality content, gets up to +5 rep with about 20 minutes. And that's after a couple of downvotes. And that's on a weekend! Which is usually pretty slow.

Zenon Zabinski | zdog |

Replies are listed 'Best First'.
Re: (zdog) Re: •Web Security
by Ovid (Cardinal) on Jun 22, 2002 at 18:44 UTC

    zdog: I have to disagree with your assessment on this one. Different people have different styles of communication and learning and merlyn's style is simply one of many. In this case, his title was "Web Security" and here's what I consider to be the truly relevant paragraph:

    In other words, not only was unchecked data from a form field (presumably from a pop-up menu or radio button) being used directly in an eval, but quite helpfully, the syntax errors were being sent back to the browser to help you refine your breakin! (And I looked hard for some sort of screening or vetting of the $p_type value, and there was none.)

    In short, merlyn presented some poor Perl code and explained to us exactly why it's a problem. That seems, in my mind, to be a reasonable meditation. Of course, he didn't go step by step through various ways we might exploit this, but there's a certain level of minimum knowledge assumed on the part of the reader. Myself, I like to assume little on the part of the reader so I tend to explain things more in depth (like now), whereas merlyn appears to assume a more knowledgeable audience. Thus, he is often accused of being arrogant or rude and I'm accused of pandering. No matter how one approaches things, some people will be put off :)


    Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

      merlyn says:

      Is there really that lack of clues out there? I don't know whether to be more scared or saddened.

      Ovid says:

      there's a certain level of minimum knowledge assumed on the part of the reader.

      Anyone see where I'm going with this?

      The people merlyn is criticizing for bad security practices aren't going to be helped much by this post. These posts always remind me of the "Perl is Good, Praise Perl" posts that come up on this site. They're preaching to the converted. If you want to help solve the problem, you're going to have to explain things in terms those who you're criticizing can understand.

      That said, merlyn's post is not without some value and I don't feel it calls for a downvote, I might even upvote it if he took that dot out of the title ;-).

        One might say that a true monk's meditations will always constitute preaching to the converted. Preaching to the heathens is done in SoPW. Sometimes we must simply say what is true without worrying about whether it will save the sinners.


Re: (zdog) Re: •Web Security
by greenFox (Vicar) on Jun 23, 2002 at 00:56 UTC

    meditation \Med`i*ta"tion\, n. [OE. meditacioun, F. m['e]ditation, fr. L. meditatio.] 1. The act of meditating; close or continued thought; the turning or revolving of a subject in the mind; serious contemplation; reflection; musing.

    The purpose of a meditation isn't to give you the answers rather to inspire you to contemplate the topic.

    The less said by every-one about voting and experience the better IMO.

    my $chainsaw = 'Perl';

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://176503]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (3)
As of 2022-12-06 20:28 GMT
Find Nodes?
    Voting Booth?

    No recent polls found