in reply to Re: Re: A serious security problem with CGI.pm 3.01?
in thread A serious security problem with CGI.pm 3.01?

I'm sorry for starting a big problem with the CGI thing :)
So it wasn't me being thick after all?
I thought maybe you had to create the CGI.pm yourself by using the Makefile.PL.

Anyway, I've decided to just use a CGI.pm that arturo advised. (tan-ku)
Seems to be working ok now.
Why do things have to be so complex? To be honest, I don't like using the CGI.pm as I like making code myself and planning where it goes, how I get it etc. I'm one of these people who likes to know I did it all, typed every character of it.
It's as though the CGI.pm interrupts the way I should think (even though I'm sure it does everything perfectly well). I know I'll never use the HTML part of it either. Mind you, the things I'm creating aren't massive as I'm a learner. I'm sure it's more useful for programmers designing MASSIVE systems... saves typing as much (or maybe it's just for lazy people... or even people who don't know HTML).

I'm talking arse, aren't I?
I'll stop now :))

ThAtH0M

Re: Re: Re: Re: A serious security problem with CGI.pm 3.01?
by tachyon (Chancellor) on Jul 11, 2001 at 22:31 UTC

    Innumerable hours have gone into devising CGI.pm. It is not perfect but it is well tested and reliable. For some scary info on the problem invoked via bad CGI parsing see:

    Use CGI or die;

    No excuses about not using CGI.pm

    and Ovid's CGI tutorial.

    You had me worried for a minute there!

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

Re: Re: Re: Re: A serious security problem with CGI.pm 3.01?
by sierrathedog04 (Hermit) on Jul 12, 2001 at 05:50 UTC
    I like CGI.pm, but my very successful six-figure per annum website brother refuses to use it. He says that CGI.pm hides from the programmer what is going on and gives the impression that running CGI is some arcane and mysterious art.

    I asked my brother what about using param() to handle non-standard characters in HTML form input. He said he has a few regexes that do it and he doesn't need Lincoln Stein's code to check input for him.

      Way, way back in like 1998 or something in TPJ (bless its little cotton socks) there was an article called something like "Perl Heresies". One of the heresies in this article was that you should always use modules.

      Before I get jumped on I'll explain the rest of its gist.

      The argument went something along the lines that, if it's work related then you have a responsibility to your client/employer/whatever to write good code efficiently and quickly, so, in this situation, modules - particularly ones such as CGI.pm - are a good thing, but that, in certain circumstances it can be much more efficient to write a quick line or two to handle a small portion covered by a module rather than go to the trouble of loading a whopping great module in (I think the example was Date::Manip and figuring out what day it was yesterday or something).
      However, when it comes to "messing around", re-inventing the wheel can be really good for you. It will give you a much better understanding of what goes on behind the scenes when you are using other people's modules and if you ever have to invent the wheel for some reason then you're not going to be totally clueless and starting from scratch.

      My apologies to the author of the article if I've totally misrepresented it :)