Re: Bareword errors?



Sherm Pendley wrote:
> Gunnar Hjalmarsson writes:
>> krakle@xxxxxxxxx wrote:
>>> ... it also does ZERO error and safety handling which makes it open to all sorts of future and present catastrophes.
>>>
>>> <snip>
>>>
>>> CGI.pm is the standard for parsing form data. If you choose not to use it, you are only limiting yourself and putting your web site, server and users at risk.
>>
>> Another one who naively believes that using CGI.pm for parsing the input makes a significant difference as regards security.
>>
>> It does not.
>
> Gunnar, why do you persist with that straw-man argument?

It's not straw-man, it's both true and significant.

> Pointing out the fact that CGI.pm securely parses CGI arguments does not imply a claim that doing so is all that's needed to securely write CGI applications.

1. He didn't just claim that CGI.pm makes a difference as regards security, he talked about "putting your web site, server and users at risk" if you choose to not use it.

2. My objection above does not include the message you indicate.

3. Still, my belief is that using such arguments for advocating the use of CGI.pm _does_ give the incorrect impression that you write significantly more secure CGI programs only by using it.

> This whole "skilled developers can improve upon CGI.pm, and shouldn't be chastised for doing so" argument, while quite true, is irrelevant in this case because is in fact *not* such a developer.

While I don't defend everything the OP in this thread said, neither do I think that _anybody_ should be chastised for using a totally harmless piece of code.

Point out the value of code reuse through modules, fine, that's good advice. For god's sake, I'm also a module user (and author). I'm even using CGI.pm from time to time. :)

But try to relax, and let it stay with that. Try to believe that the readers of this group are grown-up people, who are capable of making their own decisions on programming style.

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl