Excuse for lack of security

merlyn on 2007-09-10T15:34:35

Often, when I warn of security concerns for newbie web programmers, they retort "but I don't have anything of value... it's just my blog, so I don't care".

The point is, they have a server. It's a potential spamming location, or anonymous platform from which to launch more dangerous attacks. What they have is net and CPU. That's useful to someone.

Maybe there should be some sort of license before you're allowed to expose a web server to the public net. {sigh}


There was a time...

defyance on 2007-09-10T17:35:51

...when I would have disagreed with you :). Spending the last few years as a sysadmin has opened my eyes, however. If I ran an ISP that provided webspace of any kind, I'd have a code review team that would have to approve the code before the users can upload something potentially dangerous. Sounds kinda harsh and big brother like, but I see it as protecting my other users, and my investment in bandwidth & hardware. If you want to throw up your own code and don't care about what happens, get your own box on a cable line, or go to another ISP that doesn't care.

Then again, I would probably never get any customers :(

But I have this index.php...

Eric Wilhelm on 2007-09-11T08:24:51

<?php include($_GET["page"]) ?>

I actually heard a firsthand account of this today. Now that's web 2.0!
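
The one-liner above lets the request choose which file the server executes. As an added example (not part of the original thread), here is the same "page" dispatcher with the request reduced to a key into a fixed allowlist; the page names, the pages/ directory and the resolve_page() helper are assumptions for illustration, and PHP 8.0 or later is assumed.

```php
<?php
// Added example: allowlist-based replacement for include($_GET["page"]).
// The page keys, file names and pages/ directory are hypothetical.

declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';

// Public page keys mapped to files. The request only ever selects a key;
// it never contributes any part of the path passed to include.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page(mixed $requested): ?string
{
    // ?page[]=x turns $_GET["page"] into an array, so reject non-strings
    // before looking the key up.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }

    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$requested]);

    // Defence in depth: the resolved file must exist and sit under
    // PAGES_DIR even if the allowlist is later edited carelessly
    // (symlinks, "../" in a file name).
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['page'] ?? 'home');
if ($page === null) {
    // Unknown keys get a plain 404; the requested value is not echoed back.
    http_response_code(404);
    exit('Not found');
}
include $page;
```

Keeping allow_url_include at its default of Off in php.ini removes the remote-URL case as well, but the allowlist is what stops arbitrary local files from being included.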

Re:But I have this index.php...

defyance on 2007-09-11T13:06:43

No no, that's web ID10T!