Re: Re: Procedure for finding/searching for existing code

by belize (Deacon)
on Jan 14, 2001 at 21:05 UTC [id://51771]


in reply to Re: Procedure for finding/searching for existing code
in thread Procedure for finding/searching for existing code

So what you are suggesting is that a programmer only search and use code from CPAN and this site unless very experienced with Perl because of the potential security problems from unaware programmers?

Does everyone else agree?

Replies are listed 'Best First'.
Re: Re: Re: Procedure for finding/searching for existing code
by Fastolfe (Vicar) on Jan 14, 2001 at 21:14 UTC
    Well, this site or any other that has a good solid peer review process. I'd mention SourceForge, but unless someone knows about a project there and takes an active interest in it, nobody's going to see it, whereas here, each post is considered a learning exercise, so you have a ton of people who are willing to look at it, some to teach, others to learn themselves.

    I'm afraid I don't know of many other sites like that, and to be honest, when in doubt, I ask for the advice of some of the people here, and am never sorry.

    But yeah, if you're using something to put out onto a production server, and you're not familiar enough with Perl to be able to audit it not only for suitability to your task, but for security and efficiency, you probably want to run it by somebody that is that familiar with Perl. Generally most everything you see on CPAN and PM especially has already been through that process.

Re: Re: Re: Procedure for finding/searching for existing code
by Martin A (Beadle) on Jan 15, 2001 at 15:09 UTC
    Yes, I agree totally with Fastolfe. I've seen all too many Perl scripts that have been made by freebies that have nasty security holes in them. For example, I one day came across a script (newsdesk) that read from a flatfile database and outputted some nicely formatted news list. This is all nice, but the script allows the user to read any file on the system, and even run commands (by adding a | at the end). This kind of thing would not be too hard to notice if you just know a bit of Perl. But I've seen some sites (too many) actually using this script.

    // Martin A
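
What an auditor would look for in a flatfile reader like the one described above, as an added example that is not part of the thread and not newsdesk's code. It assumes the hole came from passing a request parameter straight to Perl's two-argument `open`; the directory, naming rule and function names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Hypothetical data directory for the news files (assumption for this example).
my $DATA_DIR = '/var/www/news/data';

# Pattern to flag during review (shown for contrast, never executed here):
#   open(NEWS, $file);
# Two-argument open parses mode characters out of $file itself, so a
# trailing "|" makes Perl run the value as a command, and "../" segments
# let the value leave the data directory.

# Validate a user-supplied name against an allowlist and return the full
# path, or nothing if the name is not acceptable.
sub safe_news_path {
    my ($name) = @_;
    return unless defined $name;
    # Letters, digits, "_" and "-" only, fixed ".txt" suffix. \A and \z
    # anchor the whole string, so a trailing newline, NUL byte, "|" or any
    # path separator fails the match.
    return unless $name =~ /\A([A-Za-z0-9_-]{1,64})\.txt\z/;
    return File::Spec->catfile($DATA_DIR, "$1.txt");
}

# Read a news file. Three-argument open with a lexical handle treats the
# path purely as a file name: the mode is fixed to read-only by '<'.
sub read_news {
    my ($name) = @_;
    my $path = safe_news_path($name) or return;
    open(my $fh, '<', $path) or return;
    my @lines = <$fh>;
    close $fh;
    return @lines;
}

# Constructed sample inputs: one well-formed name and three that the
# allowlist must refuse.
for my $input ('2001-01.txt', '../../etc/passwd', 'news.txt|', "news.txt\0") {
    (my $shown = $input) =~ s/[^[:print:]]/?/g;   # keep the output printable
    my $path = safe_news_path($input);
    printf "%-20s => %s\n", $shown, defined $path ? $path : 'rejected';
}
```

Running the script under taint mode (`perl -T`) adds a second check: the capture group in the allowlist match is what untaints the name before it reaches `open`.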
