Perl Mongers



  • http://south-wales.pm.org/


    Click on the 'Members' link on the left and you get the source.. 



  • use strict;
    use warnings qw(all);
    

    and Heaven's sake, global variables abound! Ack!


    ... is that Cancel subroutine using a META redirect when it's perfectly capable of doing a real HTTP one? Are those font-tags in the hard-coded print statements? Good lord.

    	($name, $area, $email, $show, $info, $pass) = split ('£', $line);

    ... I've seen some creative separators in stupid data file formats, but this one is... unique.



  • Calling function like

    &foo;
    went out in perl 4. Those rows of print statements should be here-docs. Uppercasing the first letter of your function name is Bad Practice. All those one statement if blocks can be
    flock(FILE, 8) if $UseLocking
    .



  • Are those... passwords?  In plaintext?  *reads the source*  Shit, they are.



  • @Angstrom said:

    Are those... passwords?  In plaintext?  reads the source  Shit, they are.


    You could go on about this code for hours. I think it's more of an OMG than a WTF, really...



  • Even worse is the db itself is wide open, not .htaccess'd or nothing.



  • They have a valid excuse I'd say...

    from the HTTP headers on that CGI file:

     

    Last-Modified: Wed, 04 Aug 1999 11:04:30 GMT

     



  • Just a wild guess-- from the quality of the rest of the code, and from the lack of error checking,

    one might suspect the file locking is probably done all wrong.

     

     



  • Forget the code and the security:

    At present the group aims to cover the South Wales area between Bridgend and Newport

    I live 20 miles from Newport, and 22 from Bridgend. The chances are, this guy lives in my town!



  • @versatilia said:

    They have a valid excuse I'd say...

    from the HTTP headers on that CGI file:

     

    Last-Modified: Wed, 04 Aug 1999 11:04:30 GMT

     


    Further inspection reveals that while the PerlMongers website used to provide some CGI-type Perl-based service hosting to its members, it stopped some time ago due to security issues. This site is probably a relic from that bygone era, and the scripts are just no longer executable. I tried contacting the email address listed on the site and the message bounced. Perhaps I will try next to contact PerlMongers directly and see if this can't be taken down for potentially exposing security holes, and for general out-of-date-ness.



  • @adrianmw said:

    Forget the code and the security:

    At present the group aims to cover the South Wales area between Bridgend and Newport

    I live 20 miles from Newport, and 22 from Bridgend. The chances are, this guy lives in my town!

    Find him, drive to his house, ring, when he opens scream "WILL YOU, FOR GODS SAKE, SECURE YOUR SERVER PROPERLY?" in his face and leave.

     Oh, and have a friend record it with a camera and put it on youtube.
     



  • @halcyon said:

    Find him, drive to his house, ring, when he opens scream "WILL YOU, FOR GODS SAKE, SECURE YOUR SERVER PROPERLY?" in his face and leave.

     Oh, and have a friend record it with a camera and put it on youtube.
     

    please Please PLEASE PLEASE do this!



  • @halcyon said:

    @adrianmw said:

    Forget the code and the security:

    At present the group aims to cover the South Wales area between Bridgend and Newport

    I live 20 miles from Newport, and 22 from Bridgend. The chances are, this guy lives in my town!

    Find him, drive to his house, ring, when he opens scream "WILL YOU, FOR GODS SAKE, SECURE YOUR SERVER PROPERLY?" in his face and leave.

     Oh, and have a friend record it with a camera and put it on youtube.
     

     

    that would be classic         


Log in to reply