[ic] [loop-code] interpolation = security risk?
jon at endpoint.com
Thu Oct 23 00:38:18 UTC 2014
On Wed, 22 Oct 2014, Grant wrote:

>> If you need to use IC5, I'd recommend moving loop logic into a Perl
>> module that you then invoke from a usertag, or something similar. Then
>> you'll have a lot more safety and control, and usually more speed too.

> If I may ask, how does IC6 avoid this recommendation?

IC6 embraces modern Perl and the many awesome CPAN modules out there. So
this recommendation fits well there.

IC6 also allows you to use any templating system you want (including none
at all). Common ones include Template::Flute (by our own Stefan Hornburg)
and Template::Toolkit (widely used in the larger Perl world).

It would be nice to see an IC5 ITL port to IC6, but I don't consider it
really feasible. IC5 is, as previously mentioned, a monolith of tightly
coupled global references and depends on almost all of IC5 being there to
work at all. An IC5 ITL parser without the whole of IC5's daemon behind it
wouldn't be very useful at all.

For the clients that we have moved to something else but left partly on
IC5, using the web server to split up the URL space and proxy to something
new like IC6 is a good way to have old & new coexist.

I suspect someone will write an IC5 session handler for IC6 sooner or
later, because that would allow a deeper level of interconnection between
old & new.

All this is what I spoke about at the recent Perl Dancer / Interchange
conference in New York! My talk slides are here:

Others touched on some of these themes too. Nobody wants to have to start
from scratch when moving to IC6, but there are ways to lessen the pain or
increase the speed of getting some benefit.

End Point Corporation