Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • OK, given this journal entry, I feel I have to defend my use of eval in L'anePOS.

    First, Perl was selected for platform independence. I wanted to be able to extend the system with plugins written in the same language as the main application. I also wanted to store the plugins in the database in order to reduce the number of communication channels that would need to be secured in a system. As PostgreSQL supports SSL easily, I feel the plugins stored in the database would be more secure than plugins stored in a network filesystem. Also, the evals only use code stored in the sysStrings table which is only modifiable by dbas.

    The specific /e substitutions: the code in the right side of the s/// is a simple multiplication with a constant. I must admit that I wouldn't have coded that plugin like it is if I were to rewrite today. But, that doesn't mean I think there is a security problem with that code either.

    Read the above with the following in mind: "there is nothing as ferocious as a parent protecting its child." ;)

    OH, and the CreditCardServices...
    We were considering writing a credit card authorization package for L'anePOS based on documents from Vital PS. As another free software developer had problems getting Vital to certify his/her package, I didn't commit any more time to the project. Besides, you wouldn't have liked my CCS as it stored card info and initialization code in the database. ;)
    • Aah ... I wondered if the person who wrote L'ane would eventually read this. Hope I didn't sound too harsh :(

      I am currently working on LanePOS::CreditCard which relies on the MCVE engine. I don't know if it's going to be implemented, though, as they can always swipe cards by hand.

      Hopefully, when we're at a more stable spot, we can send back to you most of the work that we've done, along with what will likely be over 1,000 tests for the system :)

      • As a user of LanePOS, I couldn't be happier with the results. Outstanding reliability and performance with Perl, Tk and Linux. The fact that I can run a retail business with these technologies is a statement of quality due to dedicated individuals like Jason. I'm not a Perl expert but I am impressed with the overall design of register and related modules. The code reads well and is very modular in nature. I'm a Unix Sys Admin and I use Perl for my routine administrative needs. What Jason and others l