Migrating to perl?

Moshe Zadka moshez at zadka.site.co.il
Fri Jan 5 19:33:10 EST 2001 

On Fri, 5 Jan 2001, "Joel Ricker" <joejava at dragonat.net> wrote:

> I thought of the question about security and the need for taint modes but
> then I realized since there may not be system calls like `del *.*` there
> might not be a need for it.  I'm sure that if Python is in general use as a
> CGI language then those issues have been cleared up.  Are there any thing
> you have to watch for like running in taint mode in perl?

Well, there isn't anything like taint, but I've found no use for it.
In Python, you use real functions to do stuff you do via `` in Perl.
Compare

print $_, "\n" for (split `ls`);

And

for file in os.listdir('.'):
	print file

When trying to list a directory got from a CGI parameter:

print $_, "\n" for (split `ls $var`); # security risk: first check $var, -T

for file in os.listdir(var): # no security risk here
	print file

Similarily for other thing. AFAIK, the above is the idiomatic Perl to
do it. Not to mention wildcard interpretation: it's done directly
by Python, not passed to shell.

> I would hate to have to build a module like that from scratch,
> especially since graphic file standards are not exactly my forte.  I only
> have a vague understanding of their inner workings.

Luckily PIL (linked somewhere from www.pythonware.com) understands file
formats' inner workings very well.

> No kidding.  I just but Object Oriented Perl by Damian Conway and I thought
> I had the idea and concepts down and by the end of the third chapter it all
> came crashing down.  Things are working that shouldn't and vice versa.

I found Perl OO to be very easy -- because it's copied from Python, but
with Perl's syntax. So I just write Python code in Perl, and it pretty
much works. Of course, eval/if($@) is no where near the comfort of
try/except/finally/else. Since Python is a reference-based language,
I just think in Python when working with Perl references, and it 
works too. In fact, I think that learning Python before Perl
makes the later easier exactly for the same reasons learning Esperanto
before French makes learning French easier.

> perldoc perltoot

Which is actually quite good, as far as it goes.

> Could you use that to wrap Python around Mason?

Well, maybe, but why? Mason scripting will still be done in Perl.
You can use any of the existing half-a-dozen web-platforms in Python --
PMZ, PSP, WebWare, Quixote or Zope.

-- 
Moshe Zadka <sig at zadka.site.co.il>
This is a signature anti-virus. 
Please stop the spread of signature viruses!

More information about the Python-list mailing list