It doesn't discuss CGI.pm, despite the already strongly asserted existence of that module. Instead, it discusses only CGI::Lite and cgilib.pl.

No, it didn't discuss CGI.pm... But, it did discuss the CGI::* modules. At the time, it looked like CGI::Base and friends might be the better choice for CGI programming. In fact, I'm not convinced that they wouldn't have been had they caught on and been as actively developed. Though it has gotten better, CGI.pm isn't the paragon of perl modules by any means. (But that ground has been covered here and I'm not inclined to go over it again.)

It is very lightweight with respect to discussion of security, despite security already being a significant issue in 1996.

Security was an important issue, yes, but the ways holes might pop up in CGI applications weren't all that well understood. The first edition mouse covered some problem areas like SSI and it did warn users: "Never expose any form of data to the shell." I agree it could have been... uh... louder about it. I imagine it wasn't for two reasons: 1) There wasn't a whole lot of practical experience with it and 2) the soon-to-be ubiquity of the web was unforeseen. With the web's huge success, however, practical experience with security issues increased dramatically. Really, I think the Mouse was due for a second edition by early 1998...

It shows step by step how to create a webmail gateway, but doesn't really discuss the fact that a wide open webmail gateway is a spam-house's dream.

Spam wasn't nearly the concern in 1996 that it is today. Sure, people complained about it. And those running UUCP gateways over dialup fumed outright. But for most everyone else it was more about aesthetics or principles than actual resources. Of course, spam seemed to increase dramatically between 1996 and 1997, so maybe I shouldn't be too quick to defend the first Mouse on this point...

Still, hindsight is 20/20 and all that. It's easy enough to point fingers, but it was just an example, right? It wasn't meant to be a full-fledged many-featured application. It was a little 5-line thing, and I'd wager it was intended more to get the creative juices flowing in the reader than anything else. It might have been nice if there was a little warning about how it could be used by nefarious marketers but then again, nefarious marketers hadn't started blasting spam through insecure web-based email gateways yet either. So, the threat may not have been that obvious.

-sauoq
"My two cents aren't worth a dime.";

In reply to Re: Re: Mouse vs. Mouse by sauoq
in thread Book Reviews getting unmanageable by PhilHibbs
