Evaluating web cgi scripts

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Is there a good resource to use as a basis for evaluating web site code (written in Perl for CGI) for someone who is technically skilled, but does not spend most of his/her time authoring (or reading) Perl code? Basically, the complete list of best practises (eg. input sanitation, standard modules, etc...) Even better would be a tool to scan against server script. Much appreciated... thx

Comment on Evaluating web cgi scripts

Replies are listed 'Best First'.
Re: Evaluating web cgi scripts by vladb (Vicar) on Feb 10, 2006 at 20:37 UTC
While I haven't stumbled upon a script that could automate the process of 'evaluating' the quality of your perl code, there are plenty of online and print resources you could find helpful. Perl Best Practices (review) by O'Reilly is invaluable in that regard. Some other online resources on the subject: Ten Essential Development Practices "Best Practices" at the monastery Slashdot discussion Common Perl practices (novice traps) Perl style guide Perl guide on DBI - since often used in cgi... _____________________ "We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true." Robert Wilensky, University of California	[reply]
Re: Evaluating web cgi scripts by jonadab (Parson) on Feb 10, 2006 at 21:40 UTC
Rule number one is, if you don't know whether taint checking will break anything, turn on taint checking. If anything breaks, go over everything for security issues. This is more a web/cgi thing than a Perl thing, but it's a big thing. Taint checking is just a tool Perl provides to help you know if you have a problem. It's not perfect, but it helps a lot. Sanity? Oh, yeah, I've got all kinds of sanity. In fact, I've developed whole new kinds of sanity. Why, I've got so much sanity it's driving me crazy.	[reply]
Re: Evaluating web cgi scripts by misterb101 (Sexton) on Feb 10, 2006 at 20:38 UTC
Well I don't know about a tool for scanning source code against. But if you want to have a comprehendable list of common problems and solutions I would start with something like the 'Perl Cookbook' From O'Reilly -- Cheers, Rob	[reply]


We don't bite newbies here... much
	PerlMonks