You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Martin Moss <ma...@btopenworld.com> on 2004/11/19 13:35:20 UTC

Urgent justification for perl

All,

I've had an urgent request for a few paragraphs on the
justification for the use of perl. In particularly
mod_perl.

Someone in the powers that be read an outdated
description and thinks that using perl is a security
risk - (I know, its not what you use, but how you use
it thats the security concern). 

Any ideas?

Marty


		
___________________________________________________________ 
Moving house? Beach bar in Thailand? New Wardrobe? Win £10k with Yahoo! Mail to make your dream a reality. 
Get Yahoo! Mail www.yahoo.co.uk/10k

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

Re: Urgent justification for perl

Posted by "Randal L. Schwartz" <me...@stonehenge.com>.

>>>>> "John" == John Wittkoski <jo...@aol.com> writes:

John> Martin,
John> You better have one of those "powers that be" give those crazy folks at 
John> amazon.com a call and let them know that they are using an insecure 
John> product for their little shopping site.

And ticketmaster (gasp)!  How could a company that handles millions
of credit cards a day ever use something like Template Toolkit and
mod_perl!  They must be *crazy*!

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<me...@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

Re: Urgent justification for perl

Posted by Steven Lembark <le...@wrkhors.com>.

> You better have one of those "powers that be" give those crazy folks at
> amazon.com a call and let them know that they are using an insecure
> product for their little shopping site.
>
> Seriously though, amazon.com uses Mason
> (http://www.masonhq.com/?AmazonDotCom) which uses mod_perl which uses
> perl. They probably do more money based transactions per day than any
> other web site (except perhaps ebay - not sure what they use), and they
> trust mod_perl.

Not mod_perl specific, but most of the large financial houses
use perl+dbi for their work also. They don't publish the fact
(or much else about their internal workings) but our language
does the deed on Wall Street.

The perl advocacy group's 'success stores' page has quite a
few more.


-- 
Steven Lembark                                       85-09 90th Street
Workhorse Computing                                Woodhaven, NY 11421
lembark@wrkhors.com                                     1 888 359 3508

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

Re: Urgent justification for perl

Posted by John Wittkoski <jo...@aol.com>.


Martin Moss wrote on 11/19/04, 7:35 AM:

 > All,
 >
 > I've had an urgent request for a few paragraphs on the
 > justification for the use of perl. In particularly
 > mod_perl.
 >
 > Someone in the powers that be read an outdated
 > description and thinks that using perl is a security
 > risk - (I know, its not what you use, but how you use
 > it thats the security concern).
 >
 > Any ideas?


Martin,
You better have one of those "powers that be" give those crazy folks at 
amazon.com a call and let them know that they are using an insecure 
product for their little shopping site.

Seriously though, amazon.com uses Mason 
(http://www.masonhq.com/?AmazonDotCom) which uses mod_perl which uses 
perl. They probably do more money based transactions per day than any 
other web site (except perhaps ebay - not sure what they use), and they 
trust mod_perl.

Sorry, I know that's probably not a good "reason", but it is a good example.


    --John


-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

Re: Urgent justification for perl

Posted by Jonathan Vanasco <jv...@mastersofbranding.com>.

Justification using perl/mod_perl for what, and opposed to what?
A security risk in what way?


There's a 'Success Stories' page here, that might have some things you 
want/need:
http://perl.apache.org/outstanding/index.html





On Nov 19, 2004, at 7:35 AM, Martin Moss wrote:

> All,
>
> I've had an urgent request for a few paragraphs on the
> justification for the use of perl. In particularly
> mod_perl.
>
> Someone in the powers that be read an outdated
> description and thinks that using perl is a security
> risk - (I know, its not what you use, but how you use
> it thats the security concern).
>
> Any ideas?
>
> Marty
>
>
> 		
> ___________________________________________________________
> Moving house? Beach bar in Thailand? New Wardrobe? Win £10k with 
> Yahoo! Mail to make your dream a reality.
> Get Yahoo! Mail www.yahoo.co.uk/10k
>
> -- 
> Report problems: http://perl.apache.org/bugs/
> Mail list info: http://perl.apache.org/maillist/modperl.html
> List etiquette: http://perl.apache.org/maillist/email-etiquette.html
>


-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

Re: Urgent justification for perl

Posted by Perrin Harkins <pe...@elem.com>.

On Fri, 2004-11-19 at 07:35, Martin Moss wrote:
> Someone in the powers that be read an outdated
> description and thinks that using perl is a security
> risk - (I know, its not what you use, but how you use
> it thats the security concern). 
> 
> Any ideas?

man perlsec to start with.  There is plenty of Perl advocacy out there
on various sites if you Google for it.  If you have a specific concern
that isn't covered well elsewhere, let us know what it is.

- Perrin

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

Re: Urgent justification for perl

Posted by Martin Moss <ma...@btopenworld.com>.

Big thanks to everyone for the links and tips.

Sorry for the ambiguous question, but was just passing
on the ambiguity, to see which way you guys took it,
as I was also annoyed at the ridiculousness of the
question...

Kind regards

Marty

 --- Matt Sergeant <ma...@sergeant.org> wrote: 
> On 19 Nov 2004, at 12:35, Martin Moss wrote:
> 
> > I've had an urgent request for a few paragraphs on
> the
> > justification for the use of perl. In particularly
> > mod_perl.
> >
> > Someone in the powers that be read an outdated
> > description and thinks that using perl is a
> security
> > risk - (I know, its not what you use, but how you
> use
> > it thats the security concern).
> >
> > Any ideas?
> 
> We're a global security company. We scan email for
> spam and viruses for 
> some places you may have heard of, like the UK
> government and the US 
> Federal Reserve. About 50% of everything we do is in
> perl (including 
> mod_perl/AxKit for our quarantine system). We're
> also BS/ISO-7799 if 
> that's the sort of thing your powers that be need to
> hear.
> 
> Does that help?
> 
> Matt.
> 
> 
> -- 
> Report problems: http://perl.apache.org/bugs/
> Mail list info:
> http://perl.apache.org/maillist/modperl.html
> List etiquette:
> http://perl.apache.org/maillist/email-etiquette.html
> 
>  


		
___________________________________________________________ 
Moving house? Beach bar in Thailand? New Wardrobe? Win £10k with Yahoo! Mail to make your dream a reality. 
Get Yahoo! Mail www.yahoo.co.uk/10k

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

Re: Urgent justification for perl

Posted by Matt Sergeant <ma...@sergeant.org>.

On 19 Nov 2004, at 12:35, Martin Moss wrote:

> I've had an urgent request for a few paragraphs on the
> justification for the use of perl. In particularly
> mod_perl.
>
> Someone in the powers that be read an outdated
> description and thinks that using perl is a security
> risk - (I know, its not what you use, but how you use
> it thats the security concern).
>
> Any ideas?

We're a global security company. We scan email for spam and viruses for 
some places you may have heard of, like the UK government and the US 
Federal Reserve. About 50% of everything we do is in perl (including 
mod_perl/AxKit for our quarantine system). We're also BS/ISO-7799 if 
that's the sort of thing your powers that be need to hear.

Does that help?

Matt.

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html