| Re: Using a heredoc in PHP as in Perl [message #171943 is a reply to message #171938] |
Sat, 22 January 2011 02:55   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 1/21/2011 8:21 PM, P E Schoen wrote:
> "Twayne" wrote in message news:ihcvuo$4ki$1(at)news(dot)eternal-september(dot)org...
>
>> Actually, windows Apache servers are available in almost a turn-key
>> operation. It'll work for local testing right out of the box with
>> XAMPP, in fact. Then I just obtained the same rev of PHP the intended
>> remote server offered, and I was off and running in less than an hour
>> counting download time for the xampp package and PHP. IIRC it
>> comes with PHP 5.2.3 or thereabouts so if your server admin is any
>> good the Apache install and the included PHP might all work right out
>> of the box. Oh, it'll also run as a service, of course and comes with a
>> PHP MYAdmin panel.
>
>> Be sure to read the security tips if you're going to put it where the
>> 'net has access to it; as a test setup, some security is missing and
>> of course all the errors are turned on, not something you want in
>> production.
>
>> IMO it's a great product. I've never had a single problem with it
>> except for stopping to update it now and then. It's free open source
>> of course. And, there are other similar packages out there but xampp
>> is the one I settled on so it's all I can really talk about.
>
> I downloaded it from http://www.apachefriends.org/en/xampp-windows.html
> and now I have XAMPP installed. I copied my website files there, in the
> htdocs folder, so I was able to use my EventSubmit.htm to enter data.
>
> But it failed to run the EventProcessor.pl script in the cgi-bin folder.
> In fact, I tried to open files located there using the IE8 browser
> http://localhost and it gave errors of "Object Not Found", and with just
> the URL for the cgi-bin I got a Forbidden error. Yet I was able to
> access the files from FileZilla. And when I copied another directory I
> was able to use its URL and access the contents. I tried setting
> permissions in FileZilla and it complains that the chmod command is not
> implemented. I'll try the forum and a search, but it's probably
> something simple.
>
>>> Another downside of PHP is the lack of "Taint" checking,
>>> which makes Perl more secure in the case of subtle
>>> programming errors, or warnings really.
>
>> Never came across "taint" checking; that's new to me, or I know
>> it by a different name. If all you mean is Checking user input for
>> dubious or erroneous values, PHP most definitely is easily capable
>> of it. PHP above version 5 can do some great things for sanitizing
>> and preventing code injection in form inputs, just about anything
>> you can think of. JS seems to be the favorite means of code
>> injection in a gazillion different ways in forms and PHP makes it
>> pretty easy.
>
>> Warnings are something you NEVER want a visitor to see because
>> it gives away a lot of your methodology if someone is trying to hack
>> you or find a way in via a site form.
>
> I don't fully understand taint checking but here is a document that
> explains it in great detail:
> http://perldoc.perl.org/perlsec.html
>
> I use it when checking a perl script from the command line where I also
> turn on warnings. And there is also a command line option for compile
> only (-c) which is useful for new code. It seems that PHP gives very
> detailed verbose warnings and error messages, while for Perl, not so much.
>
> Thanks for the ideas. It will be good when I finally fix this
> implementation.
>
> Paul
Unfortunately, Paul, while XAMP is great for setting up Apache, MySQL
and PHP, it doesn't come configured for any other products, like Perl.
You'll need to do that part yourself.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]