Agreed, clueless companies sometimes hire clueless people to write code that impacts the bottom line. These people don't do the extensive and continual learning that is required. One senior ASP guy I know is relatively clueful but hates reading (eek!). People base their ideas on the things they can see, and security is usually not one of them. This is related to the discussions of insecure cut-and-paste scripts on the net.

I've done code review and evangelism but it doesn't end. Once I was asked to review someone's work for the cross-site scripting vulnerability which is good news, but most people do not understand the concept of building in security from the start, as you probably know.

I've often thought PM should have a well-organized section on security. Something more than the "CGI programming" page. It could include skeleton code, CPAN module reviews, and writeups on the issues and security philosophy. Maybe it could have a security issues checklist for clients to ask programmers to answer.

I think most monks figure out their own security strategies, which is okay (this is Perl), but rolling your own is not a good strategy if you can't write the unit test. So what if each of us has to absorb a hundred megabytes a year just to stay alert. But new programmers? They often don't know anything about engineering or accepted practices. Or they cross over from their real discipline. There's perlsec, but it doesn't cover everything. We should at least point them to a book or something, maybe yours.

If we are trying to increase the number of Perl programmers maybe we should start with security. Something organized would improve security on the web I think. Type "Security" into the search box, you get a good thread but just a short one, you know? Advanced programmers could benefit too. For example, login code for CGI::Application with versions using and not using Apache auth modules, for starters.

What would you say to contributing to such a section?


In reply to Re: •web site design, or lack thereof by mattr
in thread web site design, or lack thereof by merlyn