Re: Bareword errors?

Gunnar Hjalmarsson <noreply@xxxxxxxxx> writes:

krakle@xxxxxxxxx wrote:
... it also does ZERO error and safety handling which makes it open
to all sorts of future and present catastrophes.

<snip>

CGI.pm is the standard for parsing form data if you choose not to
use it you are only limiting yourself and putting your web site,
server and users at risk.

Another one who naively believes that using CGI.pm for parsing the
input makes a significant difference as regards security.

It does not.

Gunnar, why do you persist with that straw-man argument? Pointing out the
fact that CGI.pm securely parses CGI arguments does not imply a claim that
doing so is all that's needed to securely write CGI applications.

This whole "skilled developers can improve upon CGI.pm, and shouldn't be
chastised for doing so" argument, while quite true, is irrelevant in this
case because is in fact *not* such a developer.

The OP frankly admitted to being incapable of even *using* CGI.pm correctly,
much less improving on it. He also admitted that he simply copy-and-pasted
the alternative code and doesn't understand how it works any more than he
does CGI.pm.

Such an individual is blindly trusting code he doesn't understand whether
he uses CGI.pm or not; the question is whether he should place such trust in
code that's been extensively community-reviewed, or in code he copied from
his neighbor's cousin's best friend's roommate.

sherm--

--
Web Hosting by West Virginians, for West Virginians: http://wv-www.net
Cocoa programming in Perl: http://camelbones.sourceforge.net
.

Relevant Pages