WebMin

2002-05-31
2002-12-29
  • Benjamin Smith

    Benjamin Smith - 2002-05-31

    I'd like to discuss the possibility of re-writing/adapting the current WebMin .970 release. 

    I have reviewed this code, and personally think this will be a great place to actually start. 

    Has anyone else D/L'ed this source yet?

    This is what I have found so far from reviewing this code.(Still actually have to review most of the modules, I looked at enough of the code to understand the structure, and get an idea of how it all works.)

    First and foremost, I'm not sure if anyone else here utilizes the "use strict;" to require strict subs and declaring variables, the "-w" for warnings and the "-T" switch for taint checking, but I for one think these are vital for any large project as it helps with error checking.  Another thing I think it could use is the CGI.pm module as this is a more secure approach to CGI applications.  Anyone see where I'm going with this?  To implement this would take a major rewrite of the code base, this could be a good thing as while working on it, bugs will be uncovered, any changes we want to make can be done while we are in there.  Is this understood by all??

    This is what I have come up with so far while reviewing this, I would like to hear all of your opinions/ideas.  Please let me know if you can think of a better approach to this task, all ideas are welcome, please don't be afraid to ask.

    I'd really like to get on the ball with this, so if you have the time to help us, great, if not, please let us know, and we will promptly find someone else.

     
    • Tommy Butler

      Tommy Butler - 2002-05-31

      I don't agree with this idea.  A quick summary of my reasons:

      REASON #1
      If it's true that the existing code sucks resources like a pig, why try using
      it as the basis for new code with the predefined requirement regarding this
      assignment was to create code which was less resource-consuming?

      REASON #2
      If it wasn't written correctly, re-writing it will be such a waste of time
      taking into account exactly what was incorrect:

         if you can't run code with the warnings switch, the strict pragma it is
         crap.  That is all there is to it.  If it's author couldn't code within
         these guidelines which enforce scoped variable definition, and other
         practices which make a program more efficient, secure, and debug-gable
         it is almost in every case because the author couldn't do it.
        
         Otherwise, the author wouldn't have been so stupid having understood what
         the strict pragma is for and what it does.
        
         This issue alone accounts for a huge waste of memory in every program which
         doesn't adhere to proper coding.  This kind of code is nearly impossible to
         debug, scale, or reuse.  I'm sorry, but it is just crap.

      REASON #3
      If it already doesn't use CGI.pm it is one more reason on the stack of others
      that working with the code to use CGI.pm is another waste of time --time which
      could be spent on actual development.  Not only the use of CGI.pm an
      established standard, it is the only way to securely work over the Common
      Gateway Interface (CGI) as endorsed by the authors of Perl themselves.

      http://www.toadi.org/scripts/why_use_cgi_pm.html
      http://ooopps.sourceforge.net/cgi-bin/archive.pl/pub/tutorials/CGI.pm_is_OK.txt
      http://www.perlmonks.org/index.pl?node_id=28499

       
    • Benjamin Smith

      Benjamin Smith - 2002-05-31

      Excellent point(s).  You thoughts are duly noted.  Proper coding standards are a MUST for any kind of program, let alone one that will be doing what is needed here.  What I meant to point out here is that the basic idea of this code is what we are looking for.  A major re-write of the current code base would be a waste of time, but as a reference point, I think this will do fine.  The structure and idea for this code is on the right track, but as I said before, and as you stated, it doesn't exercise safe programming techniques.

      I should have made myself more clear.

      Tommy, please e-mail me after 9:00 pm EST I would like to have a conversation with you about this..

      Also, another excellent article on CGI Security in general can be found here:

      http://www.oreilly.com/catalog/cgi2/chapter/ch08.html

       
    • Benjamin Smith

      Benjamin Smith - 2002-05-31
       
    • Stefan Ilivanov

      Stefan Ilivanov - 2002-12-29

      And after six months, no one if I'm not online is not make anything :(

      Cool, let's start from the beggining, I was been in a hospital with my wife, for a very long time, now she is in heaven, and I'm back to release Shilosh as soon as possible
      I have only one favor, when my love is gone
      To make shilosh available to the ppl for free, to brake down the Microsoft monopol, as you know, our little concurency Lindows.com failed their mission, and release their Lindows, for price, very big price, if I'm a end user, I will choose MS, easy to use, easy to install and no so easy to support, but this is other question. MP3.com with their stupid Linux failed. Now is our way to show, what we can do. I hope, that you're ppl, will be with me, to complete it this task.

       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks