[ic] [loop-code] interpolation = security risk?

Jon Jensen jon at endpoint.com
Thu Oct 23 00:38:18 UTC 2014


On Wed, 22 Oct 2014, Grant wrote:

>> If you need to use IC5, I'd recommend moving loop logic into a Perl 
>> module that you then invoke from a usertag, or something similar. Then 
>> you'll have a lot more safety and control, and usually more speed too.
>
> If I may ask, how does IC6 avoid this recommendation?

IC6 embraces modern Perl and the many awesome CPAN modules out there. So 
this recommendation fits well there.

IC6 also allows you to use any templating system you want (including none 
at all). Common ones include Template::Flute (by our own Stefan Hornburg) 
and Template::Toolkit (widely used in the larger Perl world).

It would be nice to see an IC5 ITL port to IC6, but I don't consider it 
really feasible. IC5 is, as previously mentioned, a monolith of tightly 
coupled global references and depends on almost all of IC5 being there to 
work at all. An IC5 ITL parser without the whole of IC5's daemon behind it 
wouldn't be very useful at all.

For the clients that we have moved to something else but left partly on 
IC5, using the web server to split up the URL space and proxy to something 
new like IC6 is a good way to have old & new coexist.

I suspect someone will write an IC5 session handler for IC6 sooner or 
later, because that would allow a deeper level of interconnection between 
old & new.

All this is what I spoke about at the recent Perl Dancer / Interchange 
conference in New York! My talk slides are here:

http://jon.endpoint.com/dragging-old-web-apps-into-modernity/

Others touched on some of these themes too. Nobody wants to have to start 
from scratch when moving to IC6, but there are ways to lessen the pain or 
increase the speed of getting some benefit.

HTH,
Jon

-- 
Jon Jensen
End Point Corporation
https://www.endpoint.com/



More information about the interchange-users mailing list