When it comes to security, it does not pay to reinvent the wheel.

From the FAQ:

But there are perfectly good programs already out there, why bother?

Actually, there aren't really.

Most CGI programs that are available for free download really aren't very good at all. Most of them seem to be written by people with very little knowledge of Perl.

Many of the developers on nms have been very active in the Perl community for years. They know Perl and CGI programming very well.

The problems with most other CGI programs fall into three categories:

  • The programs are insecure. Putting a CGI program on your web site is very risky. It means that you are allowing anyone to run a program on your web server. Unless these programs have been written very carefully, you may be allowing unscrupulous people (known as crackers) to gain access to more information than you intend. Eventually the crackers may be able to take control of your web server.
      • Perl makes it very easy to write secure programs. Unfortunately, most CGI program authors don't seem to know this.
  • The programs are buggy. Many of the other programs have had no kind of code review. This means that they often still have bugs in which can cause problems on your web site. You may be the first person to discover this bug. The support you get from the authors of these programs can be very patchy. I have never received a reply from Matt Wright when I've reported a bug in his scripts.
      • The nms project has a large number of developers, therefore each line of code has been seen by many people. The chance of bugs is much reduced. Additionally, we have a dedicated mailing list to deal with support issues.
  • The programs are badly written. Whilst many people simply install these programs and never look at the code, others will read CGI program code as a way to learn to write their own CGI programs. We therefore feel it is important that our scripts reflect the best Perl coding practices. Others don't share our views and many people have learned very bad coding habits from reading Matt Wright's code.

  • In reply to Re^3: CGI recipient Option by ikegami
    in thread CGI recipient Option by quissett
