Re: [Nms-cgi-devel] Welcome

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Mon, 12 Nov 2001, Dave Cross wrote:

> Hey look, we have people on the list. Thanks for joining :)
>
> Some things that need doing:
>
> 1/ Test, test, test. On as many platforms as possible.
>

Maybe we ought to get a Tripod or Virtual Avenue account - as this is
likely to be very much the environment most of the user base will be in -
besides we won't mind so much if the site gets r00ted ;-}

> 2/ Document, document, document. Currently the scripts have READMEs that
> are very closely (in some cases, _too_ closely) modelled on Matt's. Better
> docs are important.
>

We probably want to come up with a boilerplate to do with the general
configuration and troubleshooting of CGI programs.  We shouldnt worry too
much about not reinventing stuff that can be found elsewhere because it is
unlikely that the target audience are going to find the stuff in the first
place - give them enough to stop them from becoming guest of honour at a
flamewar on comp.lang.perl.misc.

> 3/ Peer review. Most of the code was written by me in the course of a ten
> hour hackfest one weekend. It can no doubt be improved. I'd love suggestions.
>

In the first instance I have taken the duplicated code out of some of the
files (it looks like you may have done ':r' in vi twice :) and added
CGI::Carp in those places where the script might die() this will at least
produce something moderately less confusing than a plain 500 in the event
of failure - I think in the long term it would be best to come up with a
slightly different and more configurable strategy that can be used
consistently across the programs.

I think something that we ought to be looking at in the programs is
introducing better ways of doing things - it is not absolutely necessary
that we emulate the original programs down to the strange methods of
storage (for instance) if they are being deployed in a green field site
that has not yet been tainted with Matt's scripts.  You will for instance
see in 'ffa.pl' the variable $emulate_matts_ffa : although not completely
implemented yet when this is switched off the program will store its data
in a flat file and generate the HTML page on the fly rather than updating
the HTML page directly as it does now.  The guestbook and wwwboard should
have this option as well although we do have to retain compatibility with
Matt's peculiar storage mechanisms if we are to hope to encourage to
upgrade to our programs :)  I thought I had started doing this with the
guestbook but I can't find the code anywhere :(

> 4/ Comments. At last week's london.pm meeting, it was suggested to me that
> a higher than usual level of comments might be a good idea - given the
> number of people that learned Perl from MSA.
>

I've started on that with FFA - elucidating in some detail what the
configurable bits mean. I would consider it moot whether we should start
introducing a quantity of tutorial material into the code - perhaps we
could provide an annotated set of source as part of the project
documentation (actually this might be a valuable project in its own
right).

> Feel free to pick on on something that interests you and get on with it.
>

Er ...

> Something else I'd like advice on from Microsoft experts. Liz Castro has
> found that since she's added -T to the scripts in her book, it's harder to
> run them in IIS. It seems that IIS ignores the shebang line until it's too
> late and then barfs on it. I guess there's a config option somewhere in
> IIS that defines the command line options passed to perl. Does anyone know
> where it is?
>

Yep.  in the script map you have (e.g):

   .pl    ->    perl.exe %s %s

This can be changed to :

   perl.exe -T %s %s

For IIS3 and earlier this has to be done through regedit after that it is
done through the Internet services management thingy.

You might also be able to bodge it up by using pl2bat and then editing the
resulting .bat file.

I'll do a document up about configuring various versions of IIS in the
fullness of time (although this might not help the majority of the target
audience as they will mostly be on Web Hotels our shared web hosting
with an ISP that might not be willing to change this globally [ its not
global on IIS5 actually and I am not sure of 4 but it certainly is with
3]).

In the end I am not sure if we can insist on '-T or death' as these
programs are going to find themselves running in environments where it
just wont be possible to make it work - in the end of the day as long as
they have developed and tested with taint checking on they *are* taint
safe even with it off.  Of course the problems arise when people start
fiddling with the code.  Bah, another document is called for I think ..

What else.

Oh yeah by the time you read this I will have tinkered with the CVS so
that you can check out the whole thing with 'co NMS' - this does mean that
you will need to edit CVSROOT/modules if you add a new module - that'll be
man 5 cvs to you ;-}

/J\
-- 
Jonathan Stowe                      |
<http://www.gellyfish.com>          |      This space for rent
                                    |