Re: perl shopping cart

by gothic_mallard (Pilgrim)
on Oct 26, 2004 at 15:04 UTC


in reply to perl shopping cart

I've seen a fair few e-commerce (shopping cart based) implementations under Perl and I've yet to come across a really bad one.

At my last company we used Intershop (now called ePages I think) to build everything from small bookshops to large business-to-business stores for industrial parts. It's a bit of an expensive solution as it's a commercial application but it shows what's possible.

As to Perl being slow; that's a common misconception. Yes, Perl is slower than a natively compiled C/C++ program but it's fast enough for most applications and it's always been fairly efficient at managing resources in my experience.

--- Jay

All code is untested unless otherwise stated.

Replies are listed 'Best First'.
Re^2: perl shopping cart
by tilly (Archbishop) on Oct 26, 2004 at 16:44 UTC
    If you've seen quite a few Perl shopping carts and think that you've yet to see a really bad one, then I question your ability to identify serious problems.

    Have you never seen a shopping cart that lets the user change prices by submitting hidden form fields?

    Have you never seen a shopping cart that is vulnerable to SQL injection attacks?

    Have you never seen a shopping cart that stores your current location on the server and therefore doesn't let you navigate through two parts of the site in parallel (for comparison shopping purposes)?

    How about ones that let you store user comments - and were then vulnerable to cross-site scripting attacks?

    Or have you seen shopping carts that made any or all of these mistakes but you didn't know enough to realize it? Which is more likely?

      I never said they were all good - just the ones I've come across so far. I think it's a bit much to be attempting to judge my abilities simply on a single comment made on this site.

      Yes, maybe I've missed the odd thing, but I also never said I was the oracle of all things Perl, IT, Internet etc etc etc

      I was simply attempting to make the point that Perl can indeed be used to create a decent solution as demonstrated by several products already on the market.

      You make some valid points about possible vulnerabilities (which surely are possible in a solution written in any language?) but you could have phrased them in a slightly less patronising way.

      You don't know me, I don't know you. Please keep the comments to Perl and keep them constructive.

      --- Jay

      All code is untested unless otherwise stated.

        You seem to have underestimated the seriousness of what I'm raising.

        Most shopping cart implementations out there, in Perl or otherwise, tend to be crap. It is very common for them to suffer from one or more of the problems that I listed. In order, those problems allow people to steal products from you, steal your database from you (mmm...credit cards!), create a significant usability problem, and allow your site to be defaced. Each afflicts a large fraction of shopping cart implementations. And yes, there is nothing Perl-specific about any of them.

        In short the problems that I've listed are not just theoretically possible, they are widespread. And they are not just "the odd thing" to miss, they are serious issues that you really don't want to miss.

        If you've looked at "a fair number of shopping carts" and have never seen these problems, then I must conclude that you've either been unbelievably lucky or else you do not know to look for them. I choose not to believe in luck, you have seen bad shopping cart applications. In which case your opinions on quality must be wrong. Dangerously so.

        Now I could make this point in a gentle way. And run the risk that you would be left thinking that I'm just presenting a minor consideration and your advice was mostly fine. Or I could, as I have done, make the point bluntly enough that there is no possibility of your missing the fact that I think your judgement was wrong. At the cost of likely offence.

        I try not to offend lightly. And I did not lightly choose to do so this time.
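
The first problem raised in the thread, prices taken from hidden form fields, is closed by pricing the order on the server and treating the submitted price as untrusted. The following is an added example, not code from any poster in this thread; the catalog, SKUs, field names and quantity limit are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed catalog: prices live on the server, in integer cents.
my %CATALOG = (
    'BOOK-001' => { name => 'Paperback', cents => 1299 },
    'PART-778' => { name => 'Bearing',   cents => 4550 },
);
my $MAX_QTY = 100;    # assumed per-line limit

# Price one submitted cart. Each line is a hashref of raw form values
# (sku, qty, and the hidden "price" field the browser sent back).
# Returns ($total_cents, \@warnings); dies on input it cannot price.
sub price_cart {
    my (@lines) = @_;
    my ($total, @warnings) = (0);
    for my $line (@lines) {
        my $sku  = defined $line->{sku} ? $line->{sku} : '';
        my $item = $CATALOG{$sku} or die "unknown sku\n";
        my $qty  = defined $line->{qty} ? $line->{qty} : '';
        # \A...\z: digits only, no sign, no exponent, no trailing newline.
        $qty =~ /\A[1-9][0-9]{0,2}\z/ && $qty <= $MAX_QTY
            or die "bad quantity for $sku\n";
        # The submitted price is never used in arithmetic; a mismatch is
        # only recorded so tampering attempts show up in the logs.
        my $claimed = $line->{price};
        if (defined $claimed && $claimed ne $item->{cents}) {
            push @warnings, "price mismatch on $sku";
        }
        $total += $item->{cents} * $qty;
    }
    return ($total, \@warnings);
}

# Constructed request: the second line carries an edited hidden price field.
my ($total, $warn) = price_cart(
    { sku => 'BOOK-001', qty => '2', price => '1299' },
    { sku => 'PART-778', qty => '1', price => '1'    },
);
printf "total: %d.%02d\n", int($total / 100), $total % 100;
print "warning: $_\n" for @$warn;

# Malformed quantities are refused instead of being coerced to a number.
for my $bad ('-3', '1e3', "2\n", '0') {
    my $ok = eval { price_cart({ sku => 'BOOK-001', qty => $bad }); 1 };
    print "rejected quantity\n" unless $ok;
}
```

The total is computed only from the server-side catalog, so an edited hidden field changes nothing except the warning list.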
