I've recently been learning Perl and am wondering what frameworks are available for creating a web app. I'm mostly concerned about security, so if there are any security-specific web frameworks you'd recommend, I'd be more interested in those.
This thread on perlmonks has some info regarding Catalyst (which is the most modern/powerful Perl Web development framework) in security context.
For an overall comparison, there are several of them linked in the "Comparisons" section of the Web Frameworks/Perl5 Wiki.
Also, please remember that the main problem security-wise is the developer - you can write hole-ridden code in the most secure framework if you don't have a proper security-centric outlook in your development (that was the main point given to us in our secure web development training, and I happen to agree).
Also, as per Brian's question in the comment, these are a couple of helpful general "web security in Perl" links:
CGI Programming with Perl book (Duh) - Chapter 8. Security
There are plenty of frameworks; some of the more popular ones are Catalyst, Web::Simple and CGI::Application. Catalyst is the more complex and powerful one, well suited to big web applications.
In addition to just the web frameworks, check out the perlsec doc in your perldoc kit. It talks about all the features Perl has for creating secure, protected code. The biggest one is taint mode, in which strings from any insecure place are marked internally, and if used without being processed (usually with a regex), throw warnings or errors. This language feature can help you catch possible problems with reading from untrustable locations.
Another resource is the Template Toolkit. This gives you a formatting / templating tool for your webpages. From their site:
The Template Toolkit is a fast, flexible and highly extensible template processing system. It is Free (in both senses: free beer and free speech), Open Source software and runs on virtually every modern operating system known to man. It is mature, reliable and well documented, and is used to generate content for countless web sites ranging from the very small to the very large.
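Taint mode as described in the perlsec answer above, shown as an added example that is not part of the original thread. The `untaint_report_name` and `run_report` helpers and the sample inputs are hypothetical, and the script assumes a Unix-like system with `/bin/echo`:

```perl
#!/usr/bin/perl -T
# Added example, not from the thread. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;    # keep our output in order with the child process's output

# Under -T, perl refuses to launch programs while PATH and friends are tainted.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical validator: returns an untainted copy of a report name, or undef.
# Only a regex capture clears the taint flag, so the pattern is an allow-list
# anchored at both ends (\z, not $, so a trailing newline is rejected too).
sub untaint_report_name {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

# Hypothetical sink: hands the value to an external program (list form, no shell).
sub run_report {
    my ($name) = @_;
    return system('/bin/echo', 'report:', $name) == 0;
}

# Constructed inputs. Anything read from a filehandle is tainted, the same
# way request data is when it reaches a web application.
while (my $raw = <DATA>) {
    chomp $raw;
    printf "input %-20s tainted=%d\n", "'$raw'", tainted($raw) ? 1 : 0;

    # 1. Passing the raw value to system() dies, even for a harmless value.
    eval { run_report($raw); 1 } or print "  raw use blocked: $@";

    # 2. Validate, then use the captured copy.
    my $name = untaint_report_name($raw);
    if (defined $name) {
        printf "  validated copy tainted=%d\n", tainted($name) ? 1 : 0;
        run_report($name);
    }
    else {
        print "  rejected by allow-list\n";
    }
}

__DATA__
monthly_sales
weekly;id
../../etc/passwd
```

Taint mode only tracks where data came from; a permissive pattern such as `/(.*)/` clears the flag just as well, so the protection is only as good as the allow-list in the capture.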
There are a few others that I can think of, too:
In fact, there's a bit of a competition going on between Mojolicious and Dancer right now to be the new framework to build the new CPAN Top 100 website: