I've recently been learning Perl and am wondering what frameworks are available for creating a web app. I'm mostly concerned about security, so if there are any security-specific web frameworks you'd recommend, I'd be more interested in those.

Currently accepted answer from thread below

+4  A: 

This thread on PerlMonks has some info regarding Catalyst (which is the most modern/powerful Perl web development framework) in a security context.

For overall comparison, there are several of them linked in the "Comparisons" section of the Web Frameworks/Perl5 Wiki.

Also, please remember that the main problem security-wise is the developer - you can write hole-ridden code in the most secure framework if you don't have a proper security-centric outlook in your development (that was the main point given to us in our secure web development training, and I happen to agree).

Also, as per Brian's question in the comment, these are a couple of helpful general "web security in Perl" links:

DVK
Thanks for the advice. I whole-heartedly agree with you about security, I'm just not entirely sure where to start, so I figured a framework would be helpful. If you have any links where I can learn more about best practices for web-app security in Perl, that'd be great.
Brian Adams
@Brian - added to answer
DVK
+3  A: 

There are plenty of frameworks, some of the more popular ones are Catalyst, Web::Simple and CGI::Application. Catalyst is the more complex and powerful one, well suited to big web applications.

David Dorward
+2  A: 

There are a few others that I can think of, too:

  • Mojolicious, a small and powerful framework, with descriptions on their website.
  • Dancer, a framework similar to Mojolicious that is designed to make it easy to get started with nothing other than its framework.

In fact, there's a bit of a competition going on between Mojolicious and Dancer right now to be the new framework to build the new CPAN Top 100 website:

Robert P
A: 

Another resource is the Template Toolkit. This gives you a formatting / templating tool for your webpages. From their site:

The Template Toolkit is a fast, flexible and highly extensible template processing system. It is Free (in both senses: free beer and free speech), Open Source software and runs on virtually every modern operating system known to man. It is mature, reliable and well documented, and is used to generate content for countless web sites ranging from the very small to the very large.

Robert P
+1  A: 

In addition to just the web frameworks, check out the perlsec doc in your perldoc kit. It talks about all the features Perl has for creating secure, protected code. The biggest one is taint mode, in which strings from any insecure place are marked internally, and if used without being processed (usually with a regex), throw warnings or errors. This language feature can help you catch possible problems with reading from untrustable locations.

Robert P
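
The taint-mode behaviour described in the answer above, as an added example that is not part of the original thread. The helper name `untaint_filename`, the sample inputs and the `/tmp` path are assumptions made for illustration; the inputs are constructed and made tainted artificially so the script runs without a web server.

```perl
#!/usr/bin/perl -T
# Added example. Run as `perl -T taint_demo.pl` (the file name is arbitrary);
# -T must be on the command line if the script is not executed directly.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# A zero-length tainted string. Appending it to a literal taints the result,
# which simulates data arriving from a request, %ENV, STDIN or a file.
my $TAINT = substr($^X, 0, 0);

# Hypothetical helper: allow-list a conservative file-name pattern.
# Only a regex capture ($1) yields an untainted copy of the data.
# Taint mode does not judge the pattern: /(.*)/ would "clean" anything,
# so the regex itself is the security control.
sub untaint_filename {
    my ($input) = @_;
    return unless defined $input
        && $input =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return $1;
}

# Constructed sample inputs: one acceptable name, two that must be refused.
my @samples = map { $_ . $TAINT }
    ('report_2024.txt', '../report.txt', 'report 2024|');

for my $raw (@samples) {
    printf "input '%s' tainted=%d\n", $raw, tainted($raw) ? 1 : 0;

    # Opening a file for writing with a tainted name is a fatal error under
    # -T, so the eval block dies before any file is created.
    my $ok = eval { open(my $fh, '>', "/tmp/$raw"); 1 };
    my $why = $ok ? 'allowed' : "blocked: $@";
    chomp $why;
    print "  open with raw value -> $why\n";

    my $clean = untaint_filename($raw);
    if (defined $clean) {
        printf "  accepted '%s' tainted=%d\n", $clean, tainted($clean) ? 1 : 0;
    }
    else {
        print "  rejected by allow-list pattern\n";
    }
}
```

Each raw value is reported as tainted and refused by `open` with an "Insecure dependency" error, while only the name that matches the allow-list pattern comes back untainted.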