[Catalyst] plat_forms report published on June 20th. 2007. Geneva team on Catalyst wins the Perl track.

Daniel McBrearty danielmcbrearty at gmail.com
Wed Jun 20 19:23:39 GMT 2007


If you read closely (p43), re SQL injection :

"We record any failures to process our inputs appropriately as broken
only, i.e., when an
exception is raised that stems directly from the SQL processing rather
than the application logic. We record a solution as correct if it
processes acceptable inputs correctly and rejects unacceptable inputs
with an error message produced under proper control of the
application. Note that in this approach, an application flagged as
broken may actually be acceptable (in particular: secure), but it is
impossible to be sure from the outside so we
take a conservative approach."

I'd guess that they got a Catalyst exception passed up from DBIx::Class,
and classified that as broken, basically because the team didn't
actually catch the error. But even so, the DB itself would have been
safe.


On 6/20/07, Bill Moseley <moseley at hank.org> wrote:
> On Wed, Jun 20, 2007 at 06:35:31PM +0200, Daniel McBrearty wrote:
> > Hate to admit it, but Perl took a hammering in terms of the
> > completeness of solutions thing, maybe the most important metric. See
> > the charts on page 13.
>
> SOAP slowed 'em down, it seems.
>
> I only scanned the report, but lots of interesting bits in there.
> The two PHP teams used the same framework (and not sure about the
> third, but perhaps similar), where the Perl and Java teams had a wider
> range of frameworks.  Might explain why the PHP teams had seemingly
> similar results.
>
> I found it odd that the Perl frameworks had the SQL injection
> problems.  Most probably expected PHP to be weak there -- just
> goes to show how much bad PHP everyone is used to seeing.
>
> Overall, seems like a lot of mixed results -- too much variability
> to draw any concrete conclusions.  Not that that will stop the camps
> from using the report to support their claims of superiority. ;)
>
> --
> Bill Moseley
> moseley at hank.org
>


-- 
Daniel McBrearty
email : danielmcbrearty at gmail.com
www.engoi.com
danmcb.vox.com
danmcb.blogger.com
BTW : 0873928131
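The distinction the report draws above (a bound query that keeps the database safe but lets a raw DB exception escape is "broken"; the same query behind input validation and a controlled error message is "correct") is easy to see in a few lines. What follows is an added example written for this archive page, not code from the report, from the Geneva team, or from Catalyst/DBIx::Class; it uses Python's built-in sqlite3 module rather than Perl so it runs without any dependencies. The table, the seed rows, the injection string and the function names are all constructed for illustration.

```python
"""Injection-safe is not the same as error-handled: the plat_forms 'broken' vs 'correct' rule."""
import sqlite3

# Constructed sample data (hypothetical users table, not from the report).
SEED_ROWS = [("alice", "alice@example.org"), ("bob", "bob@example.org")]

# Classic tautology payload a tester would submit in a name field.
INJECTION = "x' OR '1'='1"


def make_db():
    """In-memory SQLite database with NOT NULL / UNIQUE constraints the DB will enforce."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        " id INTEGER PRIMARY KEY,"
        " name TEXT NOT NULL UNIQUE,"
        " email TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)", SEED_ROWS)
    conn.commit()
    return conn


def find_user_interpolated(conn, name):
    """Vulnerable: SQL built by string interpolation, so the payload rewrites the WHERE clause."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_bound(conn, name):
    """Safe: a bind parameter, so the payload is compared as a literal string and matches nothing."""
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


def add_user_broken(conn, form):
    """'Broken' under the report's rule: injection-safe, but a missing field is bound as NULL,
    the NOT NULL constraint fires, and the sqlite3.IntegrityError propagates uncaught
    (in a web app that becomes a 500 page, i.e. an error not under application control)."""
    conn.execute(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        (form.get("name"), form.get("email")),
    )
    conn.commit()
    return {"status": 201}


def add_user_correct(conn, form):
    """'Correct': same bound query, but inputs are validated first and any DB-level
    rejection is mapped to an error message the application chose."""
    missing = [field for field in ("name", "email") if not form.get(field)]
    if missing:
        return {"status": 400, "error": "missing field(s): " + ", ".join(missing)}
    try:
        conn.execute(
            "INSERT INTO users (name, email) VALUES (?, ?)",
            (form["name"], form["email"]),
        )
        conn.commit()
    except sqlite3.IntegrityError as exc:
        conn.rollback()
        return {"status": 409, "error": f"rejected: {exc}"}
    return {"status": 201}


def demo():
    """Run all four paths against the same inputs and collect what each one does."""
    conn = make_db()
    results = {
        "interpolated": find_user_interpolated(conn, INJECTION),   # leaks every row
        "bound": find_user_bound(conn, INJECTION),                 # empty list
        "correct_missing": add_user_correct(conn, {"name": "carol"}),
        "correct_dup": add_user_correct(conn, {"name": "alice", "email": "a@x"}),
    }
    try:
        add_user_broken(conn, {"name": "dave"})  # email absent -> NULL -> constraint error
        results["broken"] = "no exception"
    except sqlite3.IntegrityError as exc:
        results["broken"] = f"uncaught {type(exc).__name__}: {exc}"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16} {value}")
```

Both `add_user_broken` and `add_user_correct` leave the database intact for every input, which is the sense in which "the DB itself would have been safe". The report's black-box tester only sees the response, though, and an uncaught `IntegrityError` is indistinguishable from a real SQL failure from the outside, so only the version that validates and catches counts as "correct".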


