I never said they were all good - just the ones I've come across so far. I think it's a bit much to be attempting to judge my abilities simply on a single comment made on this site.

Yes, maybe I've missed the odd thing, but I also never said I was the oracle of all things Perl, IT, Internet etc etc etc

I was simply attempting to make the point that Perl can indeed be used to create a decent solution as demonstraited by several products already on the market.

You make some valid points about possible vulnerabilities (which surely are possible in a solution written in any language?) but you could have phrased them in a slightly less patronising way.

You don't know me, I don't know you. Please keep the comments to Perl and keep them constructive.

You seem to have underestimated the seriousness of what I'm raising.

Most shopping cart implementations out there, in Perl or otherwise, tend to be crap. It is very common for them suffer from one or more of the problems that I listed. In order those problems allow people to steal products from you, steal your database from you (mmm...credit cards!), creates a significant usability problem, and allows your site to be defaced. Each afflicts a large fraction of shopping cart implementations. And yes, there is nothing Perl-specific about any of them.

In short the problems that I've listed are not just theoretically possible, they are widespread. And they are not just "the odd thing" to miss, they are serious issues that you really don't want to miss.

If you've looked at "a fair number of shopping carts" and have never seen these problems, then I must conclude that you've either been unbelievably lucky or else you do not know to look for them. I choose not to believe in luck, you have seen bad shopping cart applications. In which case your opinions on quality must be wrong. Dangerously so.

Now I could make this point in a gentle way. And run the risk that you would be left thinking that I'm just presenting a minor consideration and your advice was mostly fine. Or I could, as I have done, make the point bluntly enough that there is no possibility of your missing the fact that I think your judgement was wrong. At the cost of likely offence.

I try not to offend lightly. And I did not lightly choose to do so this time.

I'm sorry, I made a single comment in a single sentance and I fail to see how that's grounds for making informed personal judgements on me.

I've been part of this community for a few years now and have a good reputation as far as my postings go so please don't treat me like some "Perl in 24 hours" newbie.

Yes, I should have expanded on what I said and yes I agree with most of your points on security issues et al - but then the same applies to any online enterprise. Did I say "just install this badly written CGI script and be done"? No. I'd expect any kind of e-commerce operation to be paying tight attention to security on many levels - not just the particular shopping cart code. I'd hope that anyone setting up an e-commerce site wouldn't be quite as naive as to not thoroughly test the security and robustness of the code they're using.

--- Jay

All code is untested unless otherwise stated.