Re: script attack

On Fri, 09 Sep 2005 13:09:53 -0600, Eric Schwartz wrote:

> Brian Wakem <no@xxxxxxxxx> writes:
>> 'local our' is common use in mod_perl.
> Okay, fair enough; all the mod_perl I've done has been with Mason,
> which hides all that with the MasonAllowGlobals Apache directive.
> Even so, I look at those examples, and think, "You know, if they just
> passed variables around, instead of using globals, they wouldn't need
> 'local our' at all."
> But thanks for the correction; if I find myself using mod_perl with
> other templating engines, I will remember that.

I'd have to agree. I've been using mod_perl for several years and
never needed 'local our' because I'm adverse to using globals
for any case that I don't have to use them. And there just
aren't a lot of times you _have_ to use them.

I was also startled by the porting guide's comment about seeing so
many warnings that they couldn't tell which ones were important and
which ones weren't: Warnings are nearly always important. If your
code _normally_ outputs tons of warnings, you have a serious
problem and very likely a number of outright bugs.

If you _must_ to do something that generates warnings, turn them
off in a scoped block so you don't have warnings about something
that is intended and understood behavior. I've found that fixing
warnings has a very close relationship to fixing bugs in general.

Benjamin Franz