I surfed to http://www.linux.com and discovered the following article about CGIs: http://www.linux.com/develop/newsitem.phtml?sid=1&aid=12483. He caught data from a form and, of course, untaints it.

But now I pose the question. Does he want to teach how HTTP and CGI work or does he want to teach the readers perl? Because if he wants to teach the readers perl he should recommend to use CGI.pm. No?

--
My opinions may have changed,
but not the fact that I am right

Replies are listed 'Best First'.
Re: Linux.com and CGI
by Masem (Monsignor) on Aug 01, 2001 at 17:05 UTC
    I believe he's trying to do both.

    Coming from an area where it's common to plug-n-chug equations without knowing what's behind them, I firmly believe that it's important to try to teach someone the basics of how something works or operates, even if they probably will never actually get at that level. This article is a good example; before you go out and "use CGI.pm", it's a very good idea to know how the CGI mechanism works with the browser, how form data is sent back and forth, how cookies work, etc. CGI.pm allows you to ignore most of those details, but it's rather easy to spot those programmers that use CGI.pm but don't understand CGI (e.g. double header()'s).

    In the case of this article, I think he's trying to teach the concept of CGI and HTTP, and possibly showing some of the security features that are needed with perl. This is fine, but I would expect that if this were a continued multipart series, the next installment would introduce CGI.pm, saying "now that you see the complexities behind the CGI request, let's see how to simplify it in perl...". If he doesn't do that, then yes, he's doing a disservice in as much as Matt's Script Archive is to the novice perl programmer.

    But again, back to my first point, if he simply jumped in to CGI.pm, without an explanation of what CGI is, or without having a prerequisite to this article that knowing how CGI/HTTP works is necessary, then it would also be a bad article. Knowing CGI.pm without knowing CGI is just trouble waiting to happen.

    -----------------------------------------------------
    Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain

Re: Linux.com and CGI
by trantor (Chaplain) on Aug 01, 2001 at 18:22 UTC

    I substantially agree with Masem. Especially in realms such as the Web, it's important to know what you are doing, and what happens behind the scenes.

    Even more so using our beloved language, because Perl gives you enough rope to hang yourself.

    I hope that the author has an article ready on CGI.pm though, which can be really well understood at this point (and some HTML knowledge isn't bad at all).

    Don't get me wrong, it's great to be able to use a language supported by such a precious community, and CPAN is by no means an astounding result.

    But I think that especially learners can benefit from seeing and implementing from the ground up. It really helps in getting the big picture sorted.

    After all, we don't like the Perl programmers community to turn into a Component Assemblers community as happened with another well known prototyp... err programming language, do we? :-)

    Very unlikely to happen with Perl anyway, because we have access to the source code of so many, so well written modules, we can contribute and improve them, we can make the World a better place... but for this to happen, it is important (at least, in my opinion) that programmers are introduced to the joy of modules as well as what's behind them.

    There are for sure people who are not interested in the gory details and just want to use a ready made module. That's what they are for, and it's perfectly reasonable. As long as you know what you are doing, which is certainly not the case if you're a Perl beginner writing CGIs :-)

    To summarize, I support the author's choice of explaining the CGI and Perl the way he did. I found the article well written and informative, and I also hope he'll talk about the natural next step which is of course CGI.pm.

    -- TMTOWTDI

      I didn't say the article was bad. It was actually quite good... Because he mentioned security and how it works.



      --
      My opinions may have changed,
      but not the fact that I am right

Re: Linux.com and CGI
by the_slycer (Chaplain) on Aug 01, 2001 at 18:44 UTC
    It was a good article, but I did not like this line:

    Thus, taint mode is only as good as your ability to write a regular expression that matches secure strings. For that reason we find taint to be overkill and not much useful for the majority of CGI programmers, though of course others would disagree.

    For experienced CGI programmers - MAYBE - although I still believe it should be used the majority of the time. However, in this case the article is geared towards newbies, hence, IMHO, he should not dismiss Taint mode so easily.

    The article did mention security, showed regexes to clear out anything other than wanted characters, provided a link to more discussions about security, and mentioned taint mode, then dismissed taint mode as useless.
    *sigh*
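
The point debated above, that taint mode is only as good as the untainting regex, shown as an added example (not part of any post in this thread or of the Linux.com article). The helper names, the constructed sample values and the filename policy are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string. Appending it taints the constructed samples
# below the same way real form input is tainted under -T.
my $TAINT = substr("$0$^X", 0, 0);

# Loose pattern: matches anything, so the capture loses its taint flag
# without having been checked at all.
sub untaint_loose {
    my ($value) = @_;
    return $value =~ /^(.*)$/s ? $1 : undef;
}

# Allowlist pattern: anchored with \A and \z, explicit character set,
# bounded length, no leading dot. This policy is an assumption.
sub untaint_filename {
    my ($value) = @_;
    return $value =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,31})\z/ ? $1 : undef;
}

# Constructed sample form values (not taken from the article).
my @samples = map { $_ . $TAINT }
    ('report_2001.txt', '../outside.txt', 'name;extra');

for my $raw (@samples) {
    my $loose  = untaint_loose($raw);
    my $strict = untaint_filename($raw);
    printf "%-16s raw tainted=%d | loose: %s tainted=%d | allowlist: %s\n",
        $raw,
        tainted($raw) ? 1 : 0,
        defined $loose ? "'$loose'" : 'rejected',
        tainted($loose) ? 1 : 0,
        defined $strict ? "'$strict'" : 'rejected';
}
```

Both helpers return untainted captures, so taint mode accepts either result; only the allowlist version rejects the second and third samples, which is why the regex, not the -T switch alone, carries the security decision.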