At 03:58 PM 07/10/2001 -0700, Randal L. Schwartz wrote:
>Please note that CGI.pm is a special case.
>
>Too many books show bad handrolled code.
>
>Too many downloads have bad handrolled code.

This I couldn't agree with more. It is definitely apropos (and an
obligation) to compel someone to use CGI.pm when it's obvious that they are
a C.P.P. ("cut-and-paste-programmer" :)

>Most people using this code are not programmers trying to invent
>better code to handle the CGI protocol, but are just trying to get
>interactivity into their web pages.
>
>Code that was being handrolled for personal use almost always ends up
>being shared, starting Yet Another bad implementation into the meme
>pool.
>
>Doing the CGI protocol *wrong* means it'll break or open a security
>hole for some combination of browser, server, upload, language, form
>value, or whatever that the person didn't test.
>
>Lincoln Stein has been yelled at enough to get it right, in a very
>portable way.

All excellent points.

>So, for CGI.pm, we have an especially itchy trigger finger to say "DO
>NOT DO THAT".
>If you can show me where else that happens, I can probably show you a
>similar story. But I don't think you'll find many other examples.

Now that I think about it, you're right. Most of the "spankings" have been
in reference to some CGI-related issue where the original poster should
have just been using CGI.pm.

I think I'll go crawl back into my philosophical hole now.... :)

____________________________________________________________
mel matsuoka Hawaiian Image Productions
Chief Executive Alphageek (vox)1.808.531.5474
[EMAIL PROTECTED] (fax)1.808.526.4040