AMEN!!

Narins, Josh wrote:
Message
How about writing your stuff in mod perl, and wrapping all the rest in Perl Run?
 
I've never used it, but it supposedly handles even the messiest of perl scripts with no impact.
 
But, if you do walk away from your job, I just ran into one of my old school chums whose been unemployed a while...
 
I think the URL says it all, and describes your position perfectly...
 
http://perl.apache.org/docs/1.0/guide/porting.html#The Script Is Too Dirty But It Does The Job And I Cannot Afford To Rewrite It
-----Original Message-----
From: Dave Van Abel [mailto:dave@vanabel.com]
Sent: Friday, January 24, 2003 1:17 PM
To: Paulsen, Brian
Cc: Sam Tregar; Html-template-users@lists.sourceforge.net
Subject: Re: [htmltmpl] Re: HTML Template versus Template Toolkit (fwd)

Brian,

I've posted some some other responses w/comments similar to this, but will respond here, too.

In a nutshell: To keep away from "guilt by association" I will continue to lobby for "not using Mod Perl" with the current code.  As to re-write the entire app, not enough funds to do it today. If the owner insists on running Mod Perl, I will have to consider walking away from the gig.

Dave,

Paulsen, Brian wrote:
I agree that if someone writes really bad code, mod perl will expose it more.  Personally, I think the solution is to clean up the code.  If you are doing $50000 credit card transactions with that bad of code, I would almost insist on a complete code review before going futher.  Odds are extremely good that if the code isn't mod perl safe, it isn't taint-safe either.  That means that it's very easy for a user to put in evil input into a field and get password information or cause havoc with a database.
 
However, let's say that you don't want to clean up the code.  Mod perl also has a mode where the modules can be preloaded and the child dies after serving up a page.  This gives you the speed benefits of not having to load and compile modules, yet you get the automatic cleanup that you currently enjoy.
 
Brian
 
-----Original Message-----
From: Dave Van Abel [mailto:dave@vanabel.com]
Sent: Friday, January 24, 2003 9:41 AM
To: Sam Tregar
Cc: Html-template-users@lists.sourceforge.net
Subject: Re: [htmltmpl] Re: HTML Template versus Template Toolkit (fwd)

All comments on HT v. Toolkit are excellent, and this is not the forum to debate Mod Perl. So I will try to finish the discussion, so those involved, can move on.

As to "run like hell from Mod Perl",  I am the one who said it  and will defend my statement.

Mod Perl:
Mod Perl is great, and I like to use it, in correct instances.
However, when the weakly written Perl  - not using strict everywhere, getting global values from inside of sub-routines w/o passing to it - is subject to Mod Perl, all hell can and will break loose.

Implementing Mod Perl on a single server, running two sites, both with originally written weak Perl code, can and very likely will wreak havic with both sites.

One site (in SSL) processes Credit Card transactions. This original script never used "strict" and has a large number of "included" scripts which do not use "strict". Additionally, these same scripts are used to connect to MySQL DB.

Now envision this set of scripts running under Mod Perl.

Now envision someone doing a credit card transaction, and having the CC# field populated with your credit card number (your Visa Card with $50,000 limit ). Oops, it gets stolen.

Can this happen? Yes. It happened to my girlfriend last year while doing an on-line purchase.

So, if any of you want to put Mod Perl up on this server, and have all hell break loose, and fix all the problems for free (because you maintain the code today and therfore it must be your problem), please send me your name, phone number, credit card number and so on, so you can have this gig.

There, I've backed up my original statement and will say it again, "Run like hell if Mod Perl gets installed for this site".
Dave

Sam Tregar wrote:
Since this topic is on the list already, here's my response on the topic.

-sam

---------- Forwarded message ----------
Date: Thu, 23 Jan 2003 13:45:02 -0500 (EST)
From: Sam Tregar <sam@tregar.com>
To: Robert <robert@airportparkinglots.com>
Subject: Re: HTML Template versus Template Toolkit

On Thu, 23 Jan 2003, Robert wrote:

  
Essentially, the argument in favor of using Template Toolkit is that it
is much more powerful
    

This is true.  But with power comes great responsiblity.  Are your HTML
designers ready for this responsibility?

  
and provides a more convenient way to pass variables to templates.
    

This is not true.  HTML::Template provides the simplest API of any
templating module in Perl.

  
My understanding is that Template Toolkit is 'fat' and may require the
use of mod perl (or something similar) to speed things up.
    

It's certainly a larger and slower system than HTML::Template.
HTML::Template is, to my knowledge, the fastest templating system
available for Perl.  And using the (experimental and incomplete)
HTML::Template::JIT add-on, it's even faster than PHP.

  
Of course, the programmer in favor of using HTML Template says I should
run like hell from using anything like mod perl.
    

That's odd.  I use HTML::Template with mod perl almost exclusively.  The
two are a great combination and HTML::Template includes a caching mode
ideally suited to use with mod perl.

  
As the author of HTML Template, I'd appreciate any thoughts or comments
you might have.
    

The most important issue in choosing between templating systems is your
evaluation of your HTML designers, not your programmers.  HTML::Template
supports a very simple template syntax which is modeled after HTML.  That
means that someone that only knows HTML can learn to create HTML::Template
templates very quickly.  Contrast this to Template Toolkit, where the
template syntax is essentially an entirely new programming language to
learn, and the difference is clear.

Also, HTML::Template enforces the division between coding in Perl and
design in HTML.  The movement of data is entirely one-way, from Perl code
to the template and from there to HTML in the browser.  This means that
the HTML templates can be created and maintained *entirely* separately
from the Perl code.  Using HTML::Template, a Perl coder does what he does
best, code in Perl, and your HTML designers do what they do best, design
in HTML.

All that aside, though, I don't want to leave you with the impression that
I think the Template Toolkit is no good.  It's actually a very well
designed system which just happens to meet different goals than the ones I
set for HTML::Template.  If you do end up using it you'll still be miles
ahead of the poor fools using JSP!

-sam





-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
                                               
Html-template-users mailing list
Html-template-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/html-template-users


  

-- 
Dave Van Abel
Colorado, USA
http://vanabel.com
http://perlsources.com
303-249-3855
Yahoo Instant Messenger = dave vanabel
  

------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the designated recipient(s) named above. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice.


-- 
Dave Van Abel
Colorado, USA
http://vanabel.com
http://perlsources.com
303-249-3855
Yahoo Instant Messenger = dave vanabel
    

------------------------------------------------------------------------------
This message is intended only for the personal and confidential use of the designated recipient(s) named above. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice.


-- 
Dave Van Abel
Colorado, USA
http://vanabel.com
http://perlsources.com
303-249-3855
Yahoo Instant Messenger = dave_vanabel