Vulnerability Development mailing list archives

Re: CGI scripts in sh


From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Fri, 22 Sep 2000 10:35:47 +0800

At 12:45 AM 21-09-2000 +0200, Crypteria wrote:
I got a question concerning CGI scripts. I've been told that sh scripts are
way more insecure than perl or c/c++ scripts. I find it great to use the power
of shell scripting and the ability to use commands in scripts, and I just
wondered why they could be more insecure? After all, a good shell script can
be flawless just as a bad perl script can be dangerous...

True, shell scripts can be flawless and bad perl scripts can be dangerous.

However:
Which languages are more suitable for what you are trying to do?
Which of those languages are you good at, and can code safely in?

In my case, I can't code safely in C - it feels like crawling through a
minefield and looking for mines. C++ is much better, but it still gets
dangerous when you have to reenter the C minefield areas!

I find Perl (like many other scripting languages) so much easier - you can
strip nasty stuff off easily. It can also cope with most inputs, so you can
read long strings in, and then truncate or complain. I'm not so comfortable
dealing with hostile stuff when using shell scripts.

Whereas with C, you can think you're writing something to deal with
extraordinary input, but before your 3rd line you may already be dead.

C is like a sharp double-edged sword, no handle :).

C++ is like a sharp double-edged sword with a removable handle - and
sometimes you need to remove the handle to use it. Yes, it's object oriented
;).

Perl is like a Swiss army knife. There are lots of blades for doing
different stuff: slicing, dicing and even writing poetry and then killing
yourself. Almost any idiot can use a Swiss army knife (and lots do ;) ).

Java is like a somewhat sharp space-age plastic sword. Yes, there's a
handle, and no, you can't remove it. Tons of people are being certified to
use it.

Assembler: chainsaw, no handles.
Machine code: chainsaw, no handles, blindfolded.

Erm I better stop now.. :)

Cheerio,
Link.
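
The "read it in, truncate, then complain" approach the reply recommends can be done in POSIX sh too, but only with care about unquoted expansion. The following is an added example, not code from the original thread: it pulls one named parameter out of a CGI QUERY_STRING, caps its length, and rejects anything outside a strict allowlist (the parameter names, the 64-character cap and the allowlist are assumptions for the demo).

```shell
#!/bin/sh
# Strict handling of a single CGI query parameter in POSIX sh.
# Usage: get_param NAME QUERY_STRING  -> prints the value and returns 0,
# or prints nothing and returns 1 if the value is missing or hostile.

LC_ALL=C; export LC_ALL   # make A-Z / a-z ranges mean ASCII only
MAX_LEN=64                # assumed cap; anything longer is truncated

# Print the raw (still percent-encoded) value of parameter $1 from query $2.
raw_param() {
    name=$1
    query=$2
    # Subshell: IFS and 'set -f' changes stay local to this lookup.
    # 'set -f' matters: without it, an unquoted $query containing '*' or '?'
    # would be glob-expanded against the current directory.
    (
        set -f
        IFS='&'
        for pair in $query; do
            case $pair in
                "$name="*) printf '%s\n' "${pair#"$name="}"; exit 0 ;;
            esac
        done
        exit 1
    )
}

# Look up, truncate, then validate. The allowlist is applied to the
# encoded form, so a value needing percent-decoding is rejected outright;
# that is intended for an identifier-style parameter.
get_param() {
    value=$(raw_param "$1" "$2") || return 1
    # Truncate rather than trust the client-supplied length.
    value=$(printf '%s' "$value" | cut -c1-"$MAX_LEN")
    case $value in
        '' | *[!A-Za-z0-9_-]*) return 1 ;;   # empty or outside allowlist
    esac
    printf '%s\n' "$value"
}
```

Run as a CGI it would be called as `get_param user "$QUERY_STRING"`; the test below exercises it with constructed query strings instead.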

