Programme archive: »Free & Secure Perl scripts«
For many years, CGI was equated with Perl programs. Although this is no longer the case, Perl is still widely used for CGI applications. One of the reasons why Perl became the default language was that the language itself already existed, and there were free Perl scripts available for common, basic tasks such as searching, keeping a counter, or mailing form input. Unfortunately, many of these early Perl CGI programs had serious security problems. In part this was due to Perl's rather undefined CGI environment at the time, but the problems were perpetuated by people who used the source of the programs to learn how to program in Perl. This gave Perl a reputation of consisting of insecure hacks, a characterization which it has partially, but not completely, overcome.

A couple of years ago, some programmers, tired of telling their friends to avoid insecure scripts without being able to offer an alternative, began the nms project (http://nms-cgi.sourceforge.net/) to offer secure versions of common CGI scripts. The people responsible for nms are respected members of the Perl community; nms was founded by Dave Cross, author of 'Data Munging with Perl' (Manning Publications Company, 2001). The programs themselves are subjected to testing and peer review. The nms project strives to create drop-in replacements for common (insecure) programs. The programs run under Perl 5.004_04 (the current stable release, at the time of this writing, is 5.8.4). They are easy for non-programmers to install. Best of all, they display a clean writing style, so anyone tempted to learn about Perl based upon these examples won't inherit a collection of bad habits.

In this talk I would like to cover some of the security problems in legacy scripts, and then introduce the nms project. I will also discuss individual nms scripts and talk about how free Perl scripts can still meet the needs of many small or casual websites. Finally, I would like to cover how you can get started with Perl if you have experience with free programs but need something more tailored to your specific needs.