[Wolves] Perl and CGI Books

Barbie barbie at missbarbell.co.uk
Tue Nov 30 10:30:09 GMT 2004


On 30 November 2004 09:26 Mo Awkati wrote:

>> [1] http://nms-cgi.sourceforge.net/
> 
> I have had a look at the website and it seems just
> what I want! Thanks! :-)

Excellent. The London Perl Mongers have really taken a lot of time to get the code right. If you have any problems, join the NMS users mailing list, and you'll get a quick response.

> Do I understand this correctly: I can use Perl but not
> CGI? ie I can use scripts put into the cgi-bin folder
> of the website and still use them without CGI-ing?

Not quite. CGI stands for Common Gateway Interface. It's a protocol, not a language. However, CGI is implemented using many languages, including Perl, PHP, C and a whole host of others. The cgi-bin directory is the standard place to put scripts, as it's then possible to ensure that only scripts within this directory can be executed. It just adds a small amount of security to your website, although it can still be breached if not set up correctly.

By running scripts, whether .cgi, .pl, .asp, .jsp or .php, you are running a CGI script. The script then interacts with the webserver, which handles the connection between your browser and the script.

The problems come from someone coding their script in such a way as to open security holes that others can abuse. There are a lot of potential security holes and it can take a long time to fully appreciate them. There are a couple of good books that look at security, which you might find interesting:

  Secure Coding: Principles & Practices (O'Reilly)
  Web Security & Commerce (O'Reilly)

> I have to admit I found Perl easy to understand.
> Everyone learns in a different way, so this is not a
> bad reflection on other languages. Because I
> understand it I can do the website tasks better.

Perl fitted my mindset, whereas Java and PHP took a while to comprehend. The most important thing to remember is the right tool for the job. There are instances where Perl is a great tool, but for some things it just isn't right. The same applies to any language. 

> I will observe the security issues. I am paranoid at
> the best of times! :-)

:)

When testing your website I would recommend having the following near the top of the script:

  use CGI::Carp qw(fatalsToBrowser);

This will report the underlying errors in your browser, and can help to fix problems. However, when you go live, delete or comment out the line. It can give too much away. In the past there have been too many sites which have exposed database passwords and the like through this.

> I'll go over to the websites and have a look.
> 
> Many thanks for the advice

Glad to help.

Barbie.
-- 
Barbie (@missbarbell.co.uk) | Birmingham Perl Mongers user group | http://birmingham.pm.org/
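
An added example, not part of the original message: one way to keep the fatalsToBrowser advice above from depending on someone remembering to delete a line. It assumes a hypothetical environment variable, SITE_MODE, that is set only on the test server; the settings path is constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# SITE_MODE is a hypothetical variable, set per host in the web server
# configuration (for example Apache "SetEnv SITE_MODE dev" on the test box).
BEGIN {
    require CGI::Carp;
    if ( ( $ENV{SITE_MODE} || '' ) eq 'dev' ) {
        # Test server only: full error text is rendered in the browser.
        CGI::Carp->import('fatalsToBrowser');
    }
    else {
        # Live server: errors are timestamped and written to STDERR, which
        # the web server sends to its error log. The visitor sees only the
        # server's generic error page.
        CGI::Carp->import();
    }
}

# Constructed path; a failure here produces a message containing the
# path and the OS error, which is the kind of detail that should stay
# in the log rather than on a public page.
my $settings_file = '/home/example/private/site.conf';

sub load_settings {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!";
    my %settings = map { chomp; split /=/, $_, 2 } grep { /=/ } <$fh>;
    close $fh;
    return \%settings;
}

# Load before printing any header, so a failure never leaves a
# half-written page in front of the error.
my $settings = load_settings($settings_file);

print "Content-Type: text/plain\n\n";
print "Loaded ", scalar( keys %$settings ), " settings\n";
```

With SITE_MODE unset, a missing settings file shows up only in the server's error log; with SITE_MODE set to dev, the same message is shown in the browser.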
