
Re: [PBML] Explore Perl by an example

  • Jenda Krynicky
    Message 1 of 17 , Mar 23, 2004
      From: "Dieter Werner" <hdw@...>
      > You are very right in a lot of things, but nobody will bring me to the
      > use of this 'monster' cgi.pm when I have to maintain a big number of
      > clients (at the same time) and to take care of the CPU resources.

      CGI.pm is not as big a memory hog as it may seem. Most of the code is
      not compiled if not used. If you still think it's too big, try
      CGI::Lite.

      > Please, nevermore write publically that my code is insecure - or just
      > prove it!
      >
      > There is a demo running at
      > http://www.everyscript.de/eAuction.html
      > everybody is allowed to hack this program in order to prove how
      > insecure it is!

      Your app doesn't seem to be in that great a shape anymore.
      I guess you'll find some files missing.
      I did not expect that the app would hang then, though. All I wanted to
      do was to delete the data about the items.


      You are right that the eval""s in your code are safe. (At least I do
      believe they are.)

      You forgot to check other things though. Ever tried this?

      my $filename = "some_file.exe\0";
      open OUT, "> $filename.txt" or die "can't create: $!\n";

      Too bad ...

      Jenda
      P.S.: Now at last I can call myself a hacker in the media meaning.
      But you can't say you did not ask for it.
      ===== Jenda@... === http://Jenda.Krynicky.cz =====
      When it comes to wine, women and song, wizards are allowed
      to get drunk and croon as much as they like.
      -- Terry Pratchett in Sourcery
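
The check the message says was forgotten, as an added example that is not part of the original post or the poster's code: in Perl of that era the NUL byte ends the name at the C level, so the appended `.txt` never reaches the file system. The names `$DATA_DIR`, `safe_txt_path` and `create_txt` are hypothetical, and the inputs are constructed.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Hypothetical data directory for this demo (a throwaway temp dir).
my $DATA_DIR = tempdir(CLEANUP => 1);

# Build "<name>.txt" from a client-supplied name, or return nothing.
# The allow-list has no NUL, no '/' or '\', and no leading dot, and
# \z (unlike $) does not tolerate a trailing newline.
sub safe_txt_path {
    my ($name) = @_;
    return unless defined $name;
    return unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;
    return "$DATA_DIR/$name.txt";
}

# Create the file without clobbering an existing one (O_EXCL); sysopen
# takes the path as data, so no "> $name" mode parsing is involved.
sub create_txt {
    my ($name, $data) = @_;
    my $path = safe_txt_path($name) or return;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600) or return;
    print {$fh} $data;
    close $fh or return;
    return $path;
}

# Constructed inputs; the second is the value from the message above.
for my $input ("report", "some_file.exe\0", "../../etc/passwd", "report\n") {
    (my $shown = $input) =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    my $path = create_txt($input, "demo\n");
    print defined $path ? "created  $path\n" : "rejected $shown\n";
}
```

Only `report` is created; the NUL-terminated name, the path traversal and the newline-terminated name are all refused before any file is opened.
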
    • Jenda Krynicky
      Message 2 of 17 , Mar 23, 2004
        From: "Fortuno, Adam" <fortunoa@...>
        > As a beginner, I always think twice before providing a suggestion
        > because of a note where Randal put his foot in my a$$. The lesson
        > learned is if you're going to give bad advice don't give it. If you're
        > going to promote poor code, don't promote it.
        >
        > Regards,
        > Adam

        I would kind of agree about the code, but I disagree about the
        advice. How do you know it's bad? And even if it is, do you know why?

        Giving someone bad advice in private might be bad, but over here if
        you do give some, someone will surely correct you and (usually) point
        out why it was bad. And even those that neither asked nor replied may
        profit.

        You just should not be attached to your advice and you should not
        take it personally if someone says it was wrong. It was the advice
        that was bad, not you.

        Jenda

        ===== Jenda@... === http://Jenda.Krynicky.cz =====
        When it comes to wine, women and song, wizards are allowed
        to get drunk and croon as much as they like.
        -- Terry Pratchett in Sourcery