So I've been looking to make an online calendar that uses mySQL to store/update data. I've looked around quite a bit online and all the free "canned" scripts (like from CGI-resources.com, one from Matt Kruse (surprise!)) are really insecure. It's like the programmers completely don't care about tainting and security. I think I'm starting to see a pattern.

My idea was to take a script and modify it to use mySQL, but they are all so far gone with security that I might as well write one altogether.

I'm relatively new to perl, and wondering if this is true of all canned scripts? I don't really want to reinvent the wheel, but then I'm not going to put important data at risk either. I think I'm basically stuck writing my own, maybe grabbing useful subroutines out of some of the free scripts.

Are there any "more secure" perl script collections out there? Maybe something moderated by a perl hacker who knows what to look for?

Is this an idea that could be implemented in the Monastery? Obviously, there would be many caveats attached, like "these scripts are deemed MORE secure, but not perfect." I think this would be an excellent learning tool, at least for me, to see better ways to implement secure scripts.

Just a few thoughts. . .

In reply to A rumination on finding secure scripts, versus rolling-your-own by Hero Zzyzzx

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.