need custom script done - GoFuckYourself.com

Pointless · 05-16-2003, 12:35 AM

need custom script done

icq me 122295837

Pointless · 05-16-2003, 12:55 AM

bumpidy bump bump

jact · 05-16-2003, 12:56 AM

What language(s) and if you need db support might help get the right people to contact you.

Pointless · 05-16-2003, 01:00 AM

Quote:

Originally posted by jact
What language(s) and if you need db support might help get the right people to contact you.

cgi/perl or

php --> MySQL database

jact · 05-16-2003, 01:01 AM

Quote:

Originally posted by Pointless

cgi/perl or

php --> MySQL database

Now you're talking!

Zayne E. · 05-16-2003, 01:02 AM

Contact James - he's written some custom stuff for us. He's fast, very reasonable and his stuff works great. He's [email protected]

Pointless · 05-16-2003, 01:23 AM

Quote:

Originally posted by Zayne E.
Contact James - he's written some custom stuff for us. He's fast, very reasonable and his stuff works great. He's [email protected]

thanks just sent an email to him

PowerCum · 05-16-2003, 01:29 AM

I am ok if you want it to be php+MySQL stuff.
I hate perl and personally think that ti's a security risk to put a perl stuff on a web server.

ICQ: 171216535
mail: ice [ at ] icefire.org

Pointless · 05-16-2003, 01:50 AM

Babaganoosh · 05-16-2003, 01:53 AM

Depending on how large the script is I may have time as soon as tomorrow. I have to start a new script Monday but if I can get it done before that I would be more than happy to do it.

Pointless · 05-16-2003, 02:02 AM

Quote:

Originally posted by Armed & Hammered
Depending on how large the script is I may have time as soon as tomorrow. I have to start a new script Monday but if I can get it done before that I would be more than happy to do it.

do u have icq ?

mine is icq 122295837

Zayne E. · 05-16-2003, 04:29 AM

Quote:

Originally posted by Pointless

thanks just sent an email to him

See what happens when I post at 4am? Got his addy wrong. It's [email protected]

nuclei · 05-16-2003, 05:18 AM

Quote:

Originally posted by PowerCum
I am ok if you want it to be php+MySQL stuff.
I hate perl and personally think that ti's a security risk to put a perl stuff on a web server.

ICQ: 171216535
mail: ice [ at ] icefire.org

Umm what planet are you from exactly?
Perl applications have been used by system administrators for a lot longer than you have been out of diapers.

goBigtime · 05-16-2003, 05:39 AM

Quote:

Originally posted by PowerCum
I am ok if you want it to be php+MySQL stuff.
I hate perl and personally think that ti's a security risk to put a perl stuff on a web server.

A search of Bugtraq at SecurityFocus reveals:

451 results matching "Php"
173 results matching "Perl"

Keep in mind Perl has been around considerably longer than perl as well.

Running PHP is leaps and bounds more of a security risk than properly coded Perl could ever be.

goBigtime · 05-16-2003, 05:47 AM

I think maybe his perl-is-bad experience must come from exploiting poorly coded canned scripts or something.

That's the only reason I think someone could come to that conclusion.

PHP used to have remote root exploits like every 3 months. Now they are down to every 6 months or so..

Don't get me wrong, PHP is great for what it is & for quickly developing certain applications. Great for templating....
BUT, their security fixes suggest that there is greater risk in using PHP over Perl no matter how you slice it.

cj-design · 05-16-2003, 06:03 AM

Hi,

looking forward to email - [email protected]

PowerCum · 05-16-2003, 06:36 AM

Quote:

Originally posted by goBigtime
I think maybe his perl-is-bad experience must come from exploiting poorly coded canned scripts or something.

That's the only reason I think someone could come to that conclusion.

PHP used to have remote root exploits like every 3 months. Now they are down to every 6 months or so..

Don't get me wrong, PHP is great for what it is & for quickly developing certain applications. Great for templating....
BUT, their security fixes suggest that there is greater risk in using PHP over Perl no matter how you slice it.

Well, the reasons are quite complex but here comes a simple resume

1) Perl executes directly on the system --> any security hole in your script leads to direct command execution on the system with the privileges of your web server.
2) PHP is a module, so it relies on apache (unless you are stupid enought to run it as CGI), then any security hole becomes harder to explot (still possible).
3) You have not the security structure php has with it's config level (safe_mode, include_dir etc..). If you use perl you access to all the server directory unless you use several extra modules to protect the perl environment and pseudochroot it.
4) Perl uses to be slower when it comes to web database driven apps. The perl interpreter itself runs faster that PHP, but it takes some time to load it (more memory etc...). PHP is always loaded on your apache if you use it as module. If you have a 200 lines php app it will go faster that with perl, but if you have 20.000 lines application you should choose delphi or C instead of php (perl will do the work but will be still slow).

Don't take me wrong, perl is great, but it was thinked as a system administration helper scripting language, not as a web programming language. I use perl to automate tasks on my boxes, but I never put it on the web.

nuclei · 05-16-2003, 06:44 AM

Quote:

Originally posted by PowerCum

Well, the reasons are quite complex but here comes a simple resume

1) Perl executes directly on the system --> any security hole in your script leads to direct command execution on the system with the privileges of your web server.
2) PHP is a module, so it relies on apache (unless you are stupid enought to run it as CGI), then any security hole becomes harder to explot (still possible).
3) You have not the security structure php has with it's config level (safe_mode, include_dir etc..). If you use perl you access to all the server directory unless you use several extra modules to protect the perl environment and pseudochroot it.
4) Perl uses to be slower when it comes to web database driven apps. The perl interpreter itself runs faster that PHP, but it takes some time to load it (more memory etc...). PHP is always loaded on your apache if you use it as module. If you have a 200 lines php app it will go faster that with perl, but if you have 20.000 lines application you should choose delphi or C instead of php (perl will do the work but will be still slow).

Don't take me wrong, perl is great, but it was thinked as a system administration helper scripting language, not as a web programming language. I use perl to automate tasks on my boxes, but I never put it on the web.

1 & 2. ummm unless there is perl code to directly run a system command on submitted data, no perl does not execute any system commands.

3. I can just as easily use php to access any directory on the server where the permissions allow it the exact same as perl.

4. a perl script written correctly can be loaded as mod_perl in apache and does not need to be loaded each time it runs, thus being faster. No idea if it will or will not be faster than a similar php application, just pointing out the flaw in your thinking.

sometimes it is far better to keep your mouth closed and be thought a fool, than to open it and remove all doubt.

goBigtime · 05-16-2003, 07:03 AM

1) Perl executes directly on the system --> any security hole in your script leads to direct command execution on the system with
the privileges of your web server.

You can use a CGIWrapper to prevent perl from doing system calls if that's something you need to worry about. Also keep in mind in most cases they would be ran as the apache user. And the same thing goes for system calls in PHP I believe.

Servers should be kept up to date security wise anyway.

2) PHP is a module, so it relies on apache (unless you are stupid enought to run it as CGI), then any security hole becomes harder to explot (still possible).

No, PHP can be compiled and installed as an apache module. So can perl.

3) You have not the security structure php has with it's config level (safe_mode, include_dir etc..). If you use perl you access to all the server directory unless you use several extra modules to protect the perl environment and pseudochroot it.

Heh or unless you write cleaner/safer code.

But I don't know enough about PHP's 'config levels' to argue about that one.

4) Perl uses to be slower when it comes to web database driven apps. The perl interpreter itself runs faster that PHP, but it takes some time to load it (more memory etc...). PHP is always loaded on your apache if you use it as module. If you have a 200 lines php app it will go faster that with perl, but if you have 20.000 lines application you should choose delphi or C instead of php (perl will do the work but will be still slow).

mod_perl used correctly will smoke PHP I believe.
But this isn't a Perl VS PHP _performance_ thread... it's based on you comments that perl is more of a security risk than perl.

And like I said, historically, over a much shorter period of time, PHP has claimed FAR MORE remote root compromises than Perl has.

05-16-2003, 12:35 AM	#1
Pointless Confirmed User Join Date: Jan 2003 Location: Australia Posts: 2,142	need custom script done need custom script done icq me 122295837 __________________ 355 north Adultdatelink.com

05-16-2003, 12:55 AM	#2
Pointless Confirmed User Join Date: Jan 2003 Location: Australia Posts: 2,142	bumpidy bump bump __________________ 355 north Adultdatelink.com

05-16-2003, 12:56 AM	#3
jact Confirmed User Join Date: Sep 2002 Location: Oakville, Canada Posts: 9,134	What language(s) and if you need db support might help get the right people to contact you. __________________ Free agent

05-16-2003, 01:29 AM	#8
PowerCum CjOverkill Industry Role: Join Date: Apr 2003 Location: Woldwide Posts: 1,328	I am ok if you want it to be php+MySQL stuff. I hate perl and personally think that ti's a security risk to put a perl stuff on a web server. ICQ: 171216535 mail: ice [ at ] icefire.org __________________ CjOverkill Traffic Trading Script Free, secure and fast traffic trading script. Get your copy now

05-16-2003, 01:50 AM	#9
Pointless Confirmed User Join Date: Jan 2003 Location: Australia Posts: 2,142	bump __________________ 355 north Adultdatelink.com

05-16-2003, 01:02 AM	#6
Zayne E. Confirmed User Industry Role: Join Date: Apr 2002 Posts: 1,383	Contact James - he's written some custom stuff for us. He's fast, very reasonable and his stuff works great. He's [email protected]

05-16-2003, 01:53 AM	#10
Babaganoosh ♥♥♥ Likes Hugs ♥♥♥ Industry Role: Join Date: Nov 2001 Location: /home Posts: 15,841	Depending on how large the script is I may have time as soon as tomorrow. I have to start a new script Monday but if I can get it done before that I would be more than happy to do it. __________________ I like pie.

05-16-2003, 05:47 AM	#15
goBigtime Confirmed User Join Date: Nov 2002 Posts: 7,761	I think maybe his perl-is-bad experience must come from exploiting poorly coded canned scripts or something. That's the only reason I think someone could come to that conclusion. PHP used to have remote root exploits like every 3 months. Now they are down to every 6 months or so.. Don't get me wrong, PHP is great for what it is & for quickly developing certain applications. Great for templating.... BUT, their security fixes suggest that there is greater risk in using PHP over Perl no matter how you slice it.

05-16-2003, 06:03 AM	#16
cj-design Confirmed User Join Date: Apr 2003 Location: England Posts: 378	Hi, looking forward to email - [email protected]

05-16-2003, 07:03 AM	#19
goBigtime Confirmed User Join Date: Nov 2002 Posts: 7,761	1) Perl executes directly on the system --> any security hole in your script leads to direct command execution on the system with the privileges of your web server. You can use a CGIWrapper to prevent perl from doing system calls if that's something you need to worry about. Also keep in mind in most cases they would be ran as the apache user. And the same thing goes for system calls in PHP I believe. Servers should be kept up to date security wise anyway. 2) PHP is a module, so it relies on apache (unless you are stupid enought to run it as CGI), then any security hole becomes harder to explot (still possible). No, PHP can be compiled and installed as an apache module. So can perl. 3) You have not the security structure php has with it's config level (safe_mode, include_dir etc..). If you use perl you access to all the server directory unless you use several extra modules to protect the perl environment and pseudochroot it. Heh or unless you write cleaner/safer code. But I don't know enough about PHP's 'config levels' to argue about that one. 4) Perl uses to be slower when it comes to web database driven apps. The perl interpreter itself runs faster that PHP, but it takes some time to load it (more memory etc...). PHP is always loaded on your apache if you use it as module. If you have a 200 lines php app it will go faster that with perl, but if you have 20.000 lines application you should choose delphi or C instead of php (perl will do the work but will be still slow). mod_perl used correctly will smoke PHP I believe. But this isn't a Perl VS PHP _performance_ thread... it's based on you comments that perl is more of a security risk than perl. And like I said, historically, over a much shorter period of time, PHP has claimed FAR MORE remote root compromises than Perl has. Last edited by goBigtime; 05-16-2003 at 07:06 AM..