Perl Mongers
-
-
use strict; use warnings qw(all);
and Heaven's sake, global variables abound! Ack!
... is that Cancel subroutine using a META redirect when it's perfectly capable of doing a real HTTP one? Are those font-tags in the hard-coded print statements? Good lord.($name, $area, $email, $show, $info, $pass) = split ('£', $line);
... I've seen some creative separators in stupid data file formats, but this one is... unique.
-
Calling function like
&foo;
went out in perl 4. Those rows of print statements should be here-docs. Uppercasing the first letter of your function name is Bad Practice. All those one statement if blocks can beflock(FILE, 8) if $UseLocking
.
-
Are those... passwords? In plaintext? *reads the source* Shit, they are.
-
@Angstrom said:
Are those... passwords? In plaintext? reads the source Shit, they are.
You could go on about this code for hours. I think it's more of an OMG than a WTF, really...
-
Even worse is the db itself is wide open, not .htaccess'd or nothing.
-
They have a valid excuse I'd say...
from the HTTP headers on that CGI file:
Last-Modified: Wed, 04 Aug 1999 11:04:30 GMT
-
Just a wild guess-- from the quality of the rest of the code, and from the lack of error checking,
one might suspect the file locking is probably done all wrong.
-
Forget the code and the security:
At present the group aims to cover the South Wales area between Bridgend and Newport
I live 20 miles from Newport, and 22 from Bridgend. The chances are, this guy lives in my town!
-
@versatilia said:
They have a valid excuse I'd say...
from the HTTP headers on that CGI file:
Last-Modified: Wed, 04 Aug 1999 11:04:30 GMT
Further inspection reveals that while the PerlMongers website used to provide some CGI-type Perl-based service hosting to its members, it stopped some time ago due to security issues. This site is probably a relic from that bygone era, and the scripts are just no longer executable. I tried contacting the email address listed on the site and the message bounced. Perhaps I will try next to contact PerlMongers directly and see if this can't be taken down for potentially exposing security holes, and for general out-of-date-ness.
-
@adrianmw said:
Find him, drive to his house, ring, when he opens scream "WILL YOU, FOR GODS SAKE, SECURE YOUR SERVER PROPERLY?" in his face and leave.Forget the code and the security:
At present the group aims to cover the South Wales area between Bridgend and Newport
I live 20 miles from Newport, and 22 from Bridgend. The chances are, this guy lives in my town!
Oh, and have a friend record it with a camera and put it on youtube.
-
@halcyon said:
Find him, drive to his house, ring, when he opens scream "WILL YOU, FOR GODS SAKE, SECURE YOUR SERVER PROPERLY?" in his face and leave.
Oh, and have a friend record it with a camera and put it on youtube.
please Please PLEASE PLEASE do this!
-
@halcyon said:
@adrianmw said:
Find him, drive to his house, ring, when he opens scream "WILL YOU, FOR GODS SAKE, SECURE YOUR SERVER PROPERLY?" in his face and leave.Forget the code and the security:
At present the group aims to cover the South Wales area between Bridgend and Newport
I live 20 miles from Newport, and 22 from Bridgend. The chances are, this guy lives in my town!
Oh, and have a friend record it with a camera and put it on youtube.
that would be classic