Re: Using a heredoc in PHP as in Perl [message #171938 is a reply to message #171934] |
Sat, 22 January 2011 01:21 |
P E Schoen
Messages: 86 Registered: January 2011
Karma:
|
Member |
|
|
"Twayne" wrote in message news:ihcvuo$4ki$1(at)news(dot)eternal-september(dot)org...
> Actually, windows Apache servers are available in almost a turn-key
> operation. It'll work for local testing right out of the box with XAMPP,
> in fact. Then I just obtained the same rev of PHP the intended
> remote server offered, and I was off and running in less than an hour
> counting download time for the xampp package and PHP. IIRC it
> comes with PHP 5.2.3 or thereabouts so if your server admin is any
> good the Apache install and the included PHP might all work right out
> of the box. Oh, it'll also run as a service, of course and comes with a
> PHP MYAdmin panel.
> Be sure to read the security tips if you're going to put it where the
> 'net has access to it; as a test setup, some security is missing and of
> course all the errors are turned on, not something you want in production.
> IMO it's a great product. I've never had a single problem with it
> except for stopping to update it now and then. It's free open source
> of course. And, there are other similar packages out there but xampp
> is the one I settled on so it's all I can really talk about.
I downloaded it from http://www.apachefriends.org/en/xampp-windows.html and
now I have XAMPP installed. I copied my website files there, in the htdocs
folder, so I was able to use my EventSubmit.htm to enter data.
But it failed to run the EventProcessor.pl script in the cgi-bin folder. In
fact, I tried to open files located there using the IE8 browser
http://localhost and it gave errors of "Object Not Found", and with just the
URL for the cgi-bin I got a Forbidden error. Yet I was able to access the
files from FileZilla. And when I copied another directory I was able to use
its URL and access the contents. I tried setting permissions in FileZilla
and it complains that the chmod command is not implemented. I'll try the
forum and a search, but it's probably something simple.
>> Another downside of PHP is the lack of "Taint" checking,
>> which makes Perl more secure in the case of subtle
>> programming errors, or warnings really.
> Never came across "taint" checking; that's new to me, or I know
> it by a different name. If all you mean is Checking user input for
> dubious or erroneous values, PHP most definitely is easily capable
> of it. PHP above version 5 can do some great things for sanitizing
> and preventing code injection in form inputs, just about anything
> you can think of. JS seems to be the favorite means of code
> injection in a gazillion different ways in forms and PHP makes it
> pretty easy.
> Warnings are something you NEVER want a visitor to see because
> it gives away a lot of your methodology if someone is trying to hack
> you or find a way in via a site form.
I don't fully understand taint checking but here is a document that explains
it in great detail:
http://perldoc.perl.org/perlsec.html
I use it when checking a perl script from the command line where I also turn
on warnings. And there is also a command line option for compile only (-c)
which is useful for new code. It seems that PHP gives very detailed verbose
warnings and error messages, while for Perl, not so much.
Thanks for the ideas. It will be good when I finally fix this
implementation.
Paul
|
|
|