Countdown - 10 days and laughing

Ovid on 2002-06-20T17:08:47

Okay, the person who wrote L'ane POS has really done a lot of work and I don't want to knock it, but eval'ing code stored in the database? And said code has substitutions with the /e switch?

And the code makes reference to the LanePOS::CreditCardServices module, which we don't have. Hmmm...


my eval defense

jaybee on 2002-06-20T22:04:50

OK, given this journal entry, I feel I have to defend my use of eval in L'anePOS.

First, Perl was selected for platform independence. I wanted to be able to extend the system with plugins written in the same language as the main application. I also wanted to store the plugins in the database in order to reduce the number of communication channels that would need to be secured in a system. As PostgreSQL supports SSL easily, I feel the plugins stored in the database would be more secure than plugins stored in a network filesystem. Also, the evals only use code stored in the sysStrings table which is only modifiable by dbas.

The specific /e substitutions: the code in the right side of the s/// is a simple multiplication with a constant. I must admit that I wouldn't have coded that plugin like it is if I were to rewrite today. But, that doesn't mean I think there is a security problem with that code either.

Read the above with the following in mind: "there is nothing as ferocious as a parent protecting its child." ;)

OH, and the CreditCardServices...
We were considering writing a credit card authorization package for L'anePOS based on documents from Vital PS. As another free software developer had problems getting Vital to certify his/her package, I didn't commit any more time to the project. Besides, you wouldn't have liked my CCS as it stored card info and initialization code in the database. ;)

Re:my eval defense

Ovid on 2002-06-20T22:31:35

Aah ... I wondered if the person who wrote L'ane would eventually read this. Hope I didn't sound too harsh :(

I am currently working on LanePOS::CreditCard which relies on the MCVE engine. I don't know if it's going to be implemented, though, as they can always swipe cards by hand.

Hopefully, when we're at a more stable spot, we can send back to you most of the work that we've done, along with what will likely be over 1,000 tests for the system :)

Re:my eval defense

jumpymonkey on 2002-10-14T04:38:16

As a user of LanePOS, I couldn't be happier with the results. Outstanding reliability and performance with Perl, Tk and Linux. The fact that I can run a retail business with these technologies is a statement of quality due to dedicated individuals like Jason. I'm not a Perl expert but I am impressed with the overall design of register and related modules. The code reads well and is very modular in nature. I'm a Unix Sys Admin and I use Perl for my routine administrative needs. What Jason and others like him have done helps solidify Perl's credibility to the Pointy Haired Bosses of Corporate America. Some of whom spend money in my wife's cafe and see TUX proudly displayed on our POS hardware.