in reply to Test Driven Development, for software and for pancakes

me heating up my two cast iron pans

I like to use a Scanpan myself, and fried rice. :-)

I'm a total amateur compared to you fellows, but I do find when I write my code, for the first draft, I almost always print out arrays and variables after every time I use them. I almost always get things wrong the first time thru, so my method is very helpful to me.

My guess is that the reason TDD failed is that the Test that you didn't account for is the one that causes the bug (if any).

What is more worrying to me is the security vulnerabilities which Perl5 is susceptible to.

For instance, could a normal or guest user on your machine, with access to Perl scripts, cause a buffer-overflow of some sort, and gain root access? I'm sure the NSA would pay for that information. :-)

How safe is Perl out there in the wild? Are systems being hacked thru Perl? As far as I know, Perl has been very safe in my limited use. I guess security is the number one test.


I'm not really a human, but I play one on earth. ..... an animated JAPH

Re^2: Test Driven Development, for software and for pancakes
by talexb (Chancellor) on Jul 24, 2017 at 14:01 UTC
      Are systems being hacked thru Perl?

    To me, Perl is just a big lever, allowing me to make use of the underlying operating system to get things done efficiently. As far as vulnerabilities go, I see two possible vectors, 1. through Perl itself, and 2. through the underlying operating system.

    Perl is open source -- so any dark corners or clever secrets would probably have been found and patched/removed long ago. It's under constant use in this day and age, so any security weakness would be found, discussed, patched and back-ported.

    It's the underlying operating system's responsibility to make it impossible for any elevation of privileges or any unauthorized access. Again, any potential weaknesses are (should be) reported as soon as they're found, and updates made.

    That's not to say that Perl is 100% safe (for some definition of 'safe'); you'd have to consult with a computer security expert on that. I'm not that guy. :)

    Alex / talexb / Toronto

    Thanks PJ. We owe you so much. Groklaw -- RIP -- 2003 to 2013.

      I offer 3. through the client or transport layer if mishandled at the code level. There have been some really esoteric bugs like the UTF-7 XSS exploit in older IEs. Not a lot of devs know/knew that even doing something as seemingly harmless, and rampantly common, as character encoding improperly could be a security hole.

          .. in older IEs ..

        Since IE is a Microsoft browser that only runs on Microsoft operating systems, my thinking is that this still falls under the second of my vectors, and is an extension of the operating system.

        As part of the testing of each version of Windows, it makes sense that Microsoft would test all versions of IE under each version of Windows. Whether or not each browser version and each operating system version is supported may be open to question or interpretation.

        Alex / talexb / Toronto

        Thanks PJ. We owe you so much. Groklaw -- RIP -- 2003 to 2013.