[Wolves] Perl and CGI Books

Mo Awkati mawkati at yahoo.co.uk
Tue Nov 30 09:26:38 GMT 2004


 --- Barbie <barbie at missbarbell.co.uk> wrote: 

Hi Barbie
> 
> First off have a look at the NMS site [1]. If you
> have to download Perl scripts from anywhere on the
> web that is the only place to go. The scripts are
> written by experts in their field, and that includes
> security, not just Perl. Every single script has
> been peer reviewed and has a very responsive
> developer community.
> 
> [1] http://nms-cgi.sourceforge.net/
> 


I have had a look at the website and it seems just
what I want! Thanks! :-)



> Secondly, I would agree with sparkes' comments,
> "DON'T DO CGI! EVER!". Unless you do understand CGI,
> and this goes beyond Perl, then you can open
> yourself up to a whole heap of trouble. That said,
> yes Perl is often seen as a quick hack, but that is
> mainly because there is so much code on CPAN [2]
> (the Perl library source repository) that pretty
> much does everything you ever wanted to do. However,
> putting it all together responsibly can be tricky
> and where most fall over.
> 
> [2] http://search.cpan.org


Do I understand this correctly: I can use Perl but not
CGI? i.e. I can use scripts put into the cgi-bin folder
of the website and still use them without CGI-ing?



 
>   Programming Perl (O'Reilly)
>   Learning Perl Objects, References & Modules (O'Reilly)
>   Data Munging with Perl (Manning)
>   Object Oriented Perl (Manning)
> 
> Also worth reading as extras are:
> 
>   Perl Debugged (Addison Wesley)
>   Perl Medic - Transforming Legacy Code (Addison Wesley)
>   Debugging Perl (Osborne McGraw Hill)
> 
> There are also a couple of books that might be worth
> investigating, that I haven't read, but others have
> rated:
> 
>   Perl for C Programmers (New Riders)
>   Embedding and Extending Perl (Manning)
>   Effective Perl Programming (Addison Wesley)
> 

Thanks for the info, I'll investigate the books.


> Perl is not the only language that can do CGI, and
> CGI is not Perl's only talent. Often the two
> statements get confused. PHP was written for the
> web, and speaking to Rasmus recently, he only ever
> intends to support the CGI aspect of PHP. As such
> it's well crafted for that job and that alone. I
> personally haven't had any experience of Python, but
> sparkes has already commented on its merits.
> 

> I would disagree with sparkes with regards to Perl
> not being a good learning language, as many come to
> the language from knowing C and shell scripting.
> Along with sed and awk, they fit Perl's way of
> thinking very well. There are plenty of quick
> scripts you can get up and running and once you get
> to know Perl you'll get to know the idioms that make
> it better.
> 

I have to admit I found Perl easy to understand.
Everyone learns in a different way, so this is not a
bad reflection on other languages. Because I
understand it I can do the website tasks better.


> However, coming back to your original question.
> Diving in the deep-end with Perl and CGI is not to
> be taken lightly. However, Perl does have one very
> useful little weapon in its security arsenal and
> that's 'taint'. Using -T to taint your data can
> largely safeguard against the obvious attacks. It's
> surprising how many CGI scripts written in Perl
> forget about it. However, the SQL injections that
> are common attacks can be done in virtually any
> language and are largely down to bad coding
> practices, rather than the language.
> 
> > The language has to be supported by the website
> > host. I know they support Perl. By the sound of it
> > PHP sounds like a nightmare :-) what is the best
> > option?
> 
> As long as you are thinking about security, ensuring
> that you are using coding practices, and are using a
> good Perl book, then you could do worse :)
>

I will observe the security issues. I am paranoid at
the best of times! :-)


> As sparkes has also noted, Perl runs on Windows as
> well as Linux. In fact it's regularly tested on over
> 60 different operating systems (although to be fair
> some are different flavours of the same thing). If
> you are using CPAN modules you can pretty much be
> assured they are reliable, as the cpan-testers (of
> which I'm one) among others, will jump on bugs and
> the like very quickly, and most authors patch and
> resubmit very quickly too.
> 
> If you ever feel like coming along to one of the
> Birmingham Perl Monger [3] meetings, we can give you
> some useful hints and tips regarding Perl. Our
> technical meetings have finished for the year now,
> but we'll be starting those up again in March.
> However, our social meetings are the second
> Wednesday of the month (although that occasionally
> clashes with the WolvesLUG), but if you ever want
> some advice you could always join our mailing list
> [4].
> 
> [3] http://birmingham.pm.org
> [4] http://birmingham.pm.org/docs/subscribe.html
> 
> HTH,
> Barbie.
> -- 

I'll go over to the websites and have a look.

Many thanks for the advice

Mo
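
The -T taint mode mentioned in the quoted message above, as an added example that is not part of the original thread: request data is marked tainted, Perl refuses to let it choose a file to write, and only an allow-list regex capture produces an untainted value. The `page` parameter, the `/tmp/notes-*.txt` path and the helper names are hypothetical, and the sample requests are constructed.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Taint mode is off; run as: perl -T taint_demo.pl\n" unless ${^TAINT};

# Allow-list check: only a successful regex capture yields untainted data,
# so the pattern must describe exactly what is acceptable.
sub untaint_page {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

# Minimal query-string parse (no URL decoding). split() keeps the taint on
# each value; a loose capturing regex here would silently remove it.
sub parse_query {
    my ($query) = @_;
    return map { my ($k, $v) = split /=/, $_, 2; ($k => defined $v ? $v : '') }
           grep { length } split /&/, $query;
}

# Constructed sample requests. Appending substr($^X, 0, 0), an empty but
# tainted string, marks them as tainted the way real CGI input would be.
my @samples = map { $_ . substr($^X, 0, 0) }
              ('page=../../etc/passwd', 'page=guestbook');
unshift @samples, $ENV{QUERY_STRING} if defined $ENV{QUERY_STRING};

for my $query (@samples) {
    my %param = parse_query($query);
    my $page  = defined $param{page} ? $param{page} : '';
    print "page='$page' tainted=", (tainted($page) ? 'yes' : 'no'), "\n";

    # Perl dies before the open happens if tainted data picks the file name.
    if (tainted($page)) {
        my $ok = eval { open(my $fh, '>>', "/tmp/notes-$page.txt"); 1 };
        print "  write blocked: $@" unless $ok;
    }

    my $safe = untaint_page($page);
    print defined($safe)
        ? "  accepted '$safe' tainted=" . (tainted($safe) ? 'yes' : 'no') . "\n"
        : "  rejected: not a valid page name\n";
}
```

Taint mode tracks where data came from, not whether it is safe: a permissive pattern such as `/(.*)/` would untaint anything, so the allow-list regex is the actual control.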





		