Code muttering.
Aug. 9th, 2005 05:41 pm
Hmmm, I recently finished reading a big chunk of the Camel Book, the first time I managed to slog through it. And for its age, I'm pretty impressed with what the core Perl language claims to do. Tied variables in particular are interesting because it sounds like you could really extend the tainting mechanism.
Imagine a $formfield->input() method that returns apparently normal strings, except they're really part of a tagged object in disguise. Should you try to call $webpage->print() on one, it will check the tied object and say "hey, I should &entitify this!". Suddenly an XSS bug goes away. The only problem is, I don't know how you'd stop string interpolation from removing the magic. But if you're interpolating form input right into your HTML and SQL, you probably deserve what you're getting yourself into...
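An added sketch of the tagged-string idea above, not code from the original post: it uses Perl's `overload` pragma rather than `tie`, and overloads `.` so that interpolation, which Perl compiles to concatenation, carries the tag along. The names `TaggedStr`, `untrusted` and `as_html` are hypothetical, and the form value is a constructed sample.

```perl
use strict;
use warnings;

package TaggedStr;    # hypothetical class name, not a CPAN module

use overload
    '.'  => \&_concat,                 # "...$x..." interpolation compiles to '.'
    '""' => sub { $_[0]->as_html };    # plain stringification fails safe: escaped

# Each object is a list of [text, untrusted?] segments.
sub untrusted { my ($class, $s) = @_; bless [ [ $s, 1 ] ], $class }

sub _segments {
    my ($v) = @_;
    return ref($v) eq __PACKAGE__ ? @$v : ( [ "$v", 0 ] );
}

sub _concat {
    my ($self, $other, $swapped) = @_;
    my @parts = $swapped ? ( _segments($other), @$self )
                         : ( @$self, _segments($other) );
    return bless \@parts, ref $self;
}

my %ENT = ( '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
            '"' => '&quot;', "'" => '&#39;' );

sub as_html {
    my ($self) = @_;
    return join '', map {
        my ($text, $untrusted) = @$_;    # copies, so the object is not modified
        $text =~ s/([&<>"'])/$ENT{$1}/g if $untrusted;
        $text;
    } @$self;
}

package main;

# Constructed sample input standing in for $formfield->input().
my $name = TaggedStr->untrusted('<script>alert(1)</script>');

my $page = "<p>Hello, $name!</p>";    # result is still a TaggedStr object
print ref($page), "\n";               # shows the tag survived interpolation
print $page->as_html, "\n";           # markup kept, form-input segment escaped
print "$name\n";                      # print stringifies via '""', so escaped
```

Built-ins such as `join` and `sprintf` stringify their arguments and so drop the segment list, which is why the `""` handler returns the escaped form by default; that default is only right for HTML output, not for SQL.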
Hmm, hmm, lots of interesting thoughts. I wonder where all the module docs are; I want to have some Perl to manage my CDR backups. I think cdrecord even works on Windows. Ooooo.
Of course, by the time I really learn Perl 5, Perl 6 will be out in force. That's alright, the feature list looks positively delicious... amusingly it's a large step closer to Haskell (indeed, they are writing their bootstrap compiler in it)! Caveat: Haskell deeply confuses me in practice.