Domain: scriptarchive.com
Stories and comments across the archive that link to scriptarchive.com.
Comments · 12
-
Re:yet another...
Digg's had this for days, but what's nice about
/. is the comments. The comment system on Digg is awful, they really should be embarrassed about it. Would it kill them to copy the comment system from Slash or Scoop? Hell, even mid 90's forum style would be a massive improvement.
Going even further off topic, why can phpBB copy it as well? It's even worse than Digg. Not to mention running it's a guaranteed way to get your server 0wn3d. -
Re:ren-regexp
Because you have been programming in perl for "eons" you should also know the perl community while really respecting TMTOWTDI also takes to calling out bad code. There is more than one way to do it does not mean there is no wrong way to do it. Passing out garbage code like that hurts more than helps. You could always go and hang out with Matt (Matt's Script Archive). Then again pass enough junk like that out and you may get your own version of: Not Matt's Scripts (NMS Project). Bottom line -- toss out junky code and deal with the comments calling the the blue sky blue.
-
That's good news
I wanted to implement a cookie-driven Web site for a long time, but was clueless as for who I had to pay for using the technology.
Now I can finally download and install HTTP Cookie Library and send my license check to Amazon. -
Re:Power Power Power [where's my perl!?!]hehe, just wait until perl6 will be ready:) i bet matts perl4 scripts will be completely be broken then and vanish completely... hm, so this might be a really good thing:)
and i guess its the old line: use the tool that fits the task best. perl is the swiss knife, php a more focused language for web apps. go for what you actually need.
-
When you can't find software that fits your needsWrite your own blog/photo-album thing-a-ma-jigger. It's guaranteed to have all the features your family needs, and be easy to use for people who are computer illiterate. You will know this, because you will design the features and interface yourself.
Most of what you want is probably already written in perl somewhere else anyway, you can just pick out the pieces you want and put them together.
And, it will totally come from the heart, since YOU made it! Parents love that.
-
Many example CGIs are vunderableBefore you go and download GCIs from Matt's Script Archive be sure to check whether there are any updates from the maintainer's site.
Scripts such as FormMail, (a script to take the unput from a post, format and send the data as an email) often do not check for proper input or malformed data. This is not a criticism of Matt's Script Archive, there's a wealth of information there and I've done good work with the examples presented therein. However, It's important to know that these are examples, freebies, and as such they may have security problems.
I bring up FormMail, because there are spammers who search for old versions of this script and use it to forward spam message out of our own server via your website. While this isn't as bad as having a compromised computer, it can still look bad to upper management who may not know the difference between spam and a virus.
-
Many example CGIs are vunderableBefore you go and download GCIs from Matt's Script Archive be sure to check whether there are any updates from the maintainer's site.
Scripts such as FormMail, (a script to take the unput from a post, format and send the data as an email) often do not check for proper input or malformed data. This is not a criticism of Matt's Script Archive, there's a wealth of information there and I've done good work with the examples presented therein. However, It's important to know that these are examples, freebies, and as such they may have security problems.
I bring up FormMail, because there are spammers who search for old versions of this script and use it to forward spam message out of our own server via your website. While this isn't as bad as having a compromised computer, it can still look bad to upper management who may not know the difference between spam and a virus.
-
Re:...and so it begins
Try here: http://www.scriptarchive.com/. and here.
-
Re:My response to the fairly rude comment
I, too, would rather see you use the NMS versions. It hurts the back of my eyeballs to see anyone teaching using Matt's code in 2003. Why? Well, just ask Matt Wright:
from http://www.scriptarchive.com/nms.html
While the free code found at my web site has not evolved much in recent years, the general programming practices and standards of CGI programs have. nms is an attempt by very active programmers in the Perl community to bring the quality of code for these types of programs up to date and eliminate some of the bad programming practices and bugs found in the existing Matt's Script Archive code.
I would highly recommend downloading the nms versions if you wish to learn CGI programming. The code you find at Matt's Script Archive is not representative of how even I would code these days. My interests and activies have moved on, however, and I just have not found the time to update all of my scripts. One of the major reasons for this is that they work for many people. For this reason, I will continue to provide them to the public, but am also pleased to make you aware of well-coded alternatives.
The NMS versions don't have the comments explaining what each line is doing, first year CS student style, but it is better to teach with good code than well-commented bad code. In the end, you can't replace good teaching with lots of comments.
If the comments are the only thing holding you back from using NMS, add them in!
Please don't use MSA code to teach with.
-
Argh. Matt Wright. Argh.From their opening page:
We will start off the week installing a perl script from Matt Wright's script archive.
Argh. Haven't they heard of the CERT warnings against those scripts? Haven't they heard that Matt himself has denounced his programs in favor of the NMS project?How do people get so clueless, and yet have such a strong desire to share what they (don't) know?
-
Her site is bustedI just tried to send her this but couldn't. Yay, using Slash as a stand in for participatory democracy:
As a technology professional and, based on someone who I think would agree with most of your political stances (that is, I'm want to be nice about this), please have your website amended by a qualified professional. The form used to send this message has a couple of problems that really ought to be addressed:
- There is no good reason for a web form such as this to force visitors to use a particular kind of browser software to access it. In spite of the recent court decision t hat would suggest otherwise, Microsoft has been tried & convicted as an abusive monopolist, and if visitors take the initiative to use alternative software they should be applauded, not excluded. Keeping out users based on their commercial choices seems very anti-democratic to me.
- Skimming the HTML source of this form, I note that it includes hidden fields for "mailto" and "url". That is a very bad sign, because there are well known security problems with certain freely available web form processing programs that are widely used on the web today, and one of the signatures of these dangerously broken programs is that they allow users to set fields like this. The reason that is a problem is that it allows a malicious user to send false data to your program, and by so doing hijack it & do anything from send out spam mail to carry out certain forms of identify theft or defamation of character. Rather than allowing the user to set this data in the web form, you would be much better off by moving that data into your server script instead. Your tech staff will hopefully know how to do this; if not I would be happy to answer any questions. To give a couple of reference URLs, I offer:
- http://www.securityfocus.com/corporate/research/t
o p10attacks_q1_2002.shtml - http://nms-cgi.sourceforge.net/faq_nms.html#But%2
0 there%20are%20perfectly%20good%20programs%20alread y%20out%20there%2C%20why%20bother%3F - http://www.scriptarchive.com/nms.html
- http://www.google.com/search?q=formmail+security+
c gi
Thank you for your attention, and for God's sake keep voting against Bush's war against Iraq. I'm sure history will prove that you were right to oppose this. Your speech against it, at http://www.house.gov/tubbsjones/pr021009.htm, was wonderful. Thank you.
Hey, it got written up, it might as well get posted somewhere. Maybe her staff will decide to start reading Slashdot today...
-
And for the guilty webmasters who allow...
And for those of you use scripts like "Matts Form Mail" (FormMail.pl or FormMail.cgi) you are probably one of the people allowing spammers to make money.
If you must use a script on your site that sends email, ensure that it does not allow just anyone to pass arguements to it directly, or from a script.
If you are using Matts FormMail (the #4 attack on the internet) then ensure you have the latest version. Here is the latest version
If in doubt, and you run Apache, add the following lines to your httpd.conf file:
RedirectMatch seeother [Ff]orm[Mm]ail.pl http://127.0.0.1/
RedirectMatch seeother [Ff]orm[Mm]ail.cgi http://127.0.0.1/
This will also help you reduce the number of 404 errors in your logs. The same redirect concept works for the Nimda crap as well.
I do not run any windows based servers, so I can not help you there.
If you are a spammer, this message should not bother you since you do not abuse peoples servers and steal their bandwidth, correct?