
Good Coding?

by nlafferty (Scribe)
on Jan 23, 2002 at 22:15 UTC

nlafferty has asked for the wisdom of the Perl Monks concerning the following question:

I have a question that will help me and perhaps others. When you write a CGI script, you include -w and use strict;. The code works fine, but how do I find bugs that might not appear until down the road? Or an exploit of some sort that a malicious person could take advantage of?

Of course, use taint; would help. But I'm talking perfect code (as far as we know). What are some common mistakes in CGI scripts that could "break"? More specifically, in my case a program of multiple scripts that use an SQL database for storing form data. Thanks.

Replies are listed 'Best First'.
Re: Good Coding?
by BazB (Priest) on Jan 23, 2002 at 22:41 UTC

    To keep chromatic happy: test, test, test.

    Give the code to your peers to review the code, do some QA testing.

    After that, give it to a group of users that have no idea what the script is supposed to do - monitor how they're using the script - users have this annoying habit of breaking a piece of code you previously thought was near perfect.

    Modularise the code as much as possible and test each piece separately and as a unit.

    Use CPAN modules for common tasks - they've been well tested and proven in real life, that hand-rolled parser (or whatever) hasn't.

    I've already got several nodes on this topic listed on my homenode, but I'll reproduce them here:


    Use Super search - I'm sure there are many more nodes on the subject.

    Test, test, test.

Re: Good Coding?
by mkmcconn (Chaplain) on Jan 23, 2002 at 22:32 UTC

    What are some common mistakes in CGI scripts that could "break" -- nlafferty

    I should probably let Ovid tell you, but I think that a good answer to your question is at Ovid's CGI course.
    mkmcconn

Re: Good Coding?
by hakkr (Chaplain) on Jan 23, 2002 at 22:46 UTC

    Once you've eliminated most of your bugs it's generally the environment that can cause the most trouble. Here's some off me head I've encountered during my daily grind.

    If MySQL is down your DBI connection will break your script.
    • Use an eval or try/catch when executing

    File locking can cause problems
    • Use file control

    Badly set up Apache/MySQL
    • Ensure Apache timeouts, max number of children etc. are OK

    System calls have the potential to break your script. Forking off multiple processes can help; when they fail your main process carries on.

    Calls to various modules may also cause your script to break

    Users can also cause bother with:

    Back Buttons
    • Use HTTP headers to prevent caching

    Proxy Servers
    • Can interfere with authentication and sessions

    Turned off features, Old Browsers and Apple Macs
    • Cookies turned off, unsupported, etc.
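
The advice above to wrap DBI calls in an eval, applied to the form-to-SQL case from the question, as an added example that is not code from the thread. It assumes DBD::SQLite is installed as a stand-in database; `store_form`, the `feedback` table, the field names and both DSNs are hypothetical.

```perl
use strict;
use warnings;
use DBI;

# Assumed for illustration: SQLite stands in for the real database, and the
# second DSN points at a path that cannot be opened to simulate "database down".
my $GOOD_DSN = 'dbi:SQLite:dbname=:memory:';
my $DOWN_DSN = 'dbi:SQLite:dbname=/nonexistent/dir/app.db';

# Returns (HTTP status, message). Never dies and never echoes DB errors to the client.
sub store_form {
    my ($dsn, %form) = @_;

    # Allow-list validation. When the script runs under perl -T, these
    # regex captures are also what untaints the values.
    my ($name)  = ($form{name}  // '') =~ /\A([\w .'-]{1,64})\z/
        or return (400, 'Invalid name');
    my ($email) = ($form{email} // '') =~ /\A([\w.+-]+\@[\w-]+(?:\.[\w-]+)+)\z/
        or return (400, 'Invalid email');

    my $ok = eval {
        # RaiseError turns every DBI failure, connect included, into a die.
        my $dbh = DBI->connect($dsn, '', '',
            { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
        $dbh->do('CREATE TABLE IF NOT EXISTS feedback (name TEXT, email TEXT)'); # demo only
        # Placeholders keep form data out of the SQL text entirely.
        $dbh->do('INSERT INTO feedback (name, email) VALUES (?, ?)',
                 undef, $name, $email);
        $dbh->disconnect;
        1;
    };
    if (!$ok) {
        warn "store_form: database error: $@";   # detail goes to the server log only
        return (503, 'Service temporarily unavailable');
    }
    return (200, 'Saved');
}

# Constructed sample submissions, not data from the thread.
for my $case (
    [ $GOOD_DSN, name => 'Ann Example', email => 'ann@example.org' ],
    [ $GOOD_DSN, name => "bad;name\n",  email => 'ann@example.org' ],
    [ $DOWN_DSN, name => 'Ann Example', email => 'ann@example.org' ],
) {
    my ($dsn, %form) = @$case;
    my ($status, $msg) = store_form($dsn, %form);
    print "$status $msg\n";
}
```

In a real CGI script the status would go into the `Status:` response header, and the generic 503 text keeps driver error strings (hosts, paths, SQL) out of the page the user sees.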

Re: Good Coding?
by nlafferty (Scribe) on Jan 23, 2002 at 23:37 UTC
    Thanks for the help, everyone. This has been a terrific help. The tutorial by Ovid is great and a lot of help. I have been programming in Perl for months now and this tutorial gives a good explanation of things that I failed to understand before. Peace be with all of you!
