comment on

Here's what I just wrote for a web-security mailing list that pointed at that article:

I've seen the details, and I'm angry with the reporting. The problem is not Perl. The problem is undereducated Perl Programmers.
{sigh}
We experts can repeat over and over "use taint mode" and "don't let data become code", but if people don't follow the rules, Perl gets smeared as a result. "perldoc perlsec" covers quite a bit of this, and I've also written about Perl security frequently in my columns, such as "Computing Securely", and "Avoiding SQL Injection Attacks".
If anything, the problem is that Perl is too easy to code, and too easy to do something dangerous, so casual programmers can write sophisticated code without also learning about basic rules of dealing with untrusted data.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

In reply to Re: Attack on Perl or Perl's need better PR (again) by merlyn
in thread Attack on Perl or Perl's need better PR (again) by wazoox

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.