[ic] [loop-code] interpolation = security risk?

Richard Templet richard at endpoint.com
Thu Oct 23 01:34:44 UTC 2014

On Wed, Oct 22, 2014 at 05:55:24PM -0700, Grant wrote:
> > IC6 embraces modern Perl and the many awesome CPAN modules out there. So
> > this recommendation fits well there.
> >
> > IC6 also allows you to use any templating system you want (including none at
> > all). Common ones include Template::Flute (by our own Stefan Hornburg) and
> > Template::Toolkit (widely used in the larger Perl world).
> >
> > It would be nice to see an IC5 ITL port to IC6, but I don't consider it
> > really feasible. IC5 is, as previously mentioned, a monolith of tightly
> > coupled global references and depends on almost all of IC5 being there to
> > work at all. An IC5 ITL parser without the whole of IC5's daemon behind it
> > wouldn't be very useful at all.
> >
> > For the clients that we have moved to something else but left partly on IC5,
> > using the web server to split up the URL space and proxy to something new
> > like IC6 is a good way to have old & new coexist.
> >
> > I suspect someone will write an IC5 session handler for IC6 sooner or later,
> > because that would allow a deeper level of interconnection between old &
> > new.
> >
> > All this is what I spoke about at the recent Perl Dancer / Interchange
> > conference in New York! My talk slides are here:
> >
> > http://jon.endpoint.com/dragging-old-web-apps-into-modernity/
> >
> > Others touched on some of these themes too. Nobody wants to have to start
> > from scratch when moving to IC6, but there are ways to lessen the pain or
> > increase the speed of getting some benefit.
> Your method of communication is as lucid as ever (or perhaps even
> moreso).  Is it possible to move over gradually and realize some
> benefit along the way instead of beginning the rewrite process and
> hoping I'm one day able to flip the big switch?  Instead of getting
> IC5 stuff to run on IC6, can parts of IC6 be used with IC5?  Or
> perhaps more practically, are there best practices for rewriting ITL
> in Perl so that it still runs on IC5 but is as easy as possible to
> port to IC6?


Trying to intermingle IC5 and IC6 would be pretty complicated. The session storage isn't remotely the same therefor you'd somehow have to pass session information back and forth. It's a nightmare waiting to happen. :)

The only way I could see that working would be if you did like Jon mentions in his talk and turn IC5 into a web service that returns data to IC6 so you wouldn't have to re-write all of your business logic from the start. 

My talk at the Perl Dancer / Interchange conference was about converting a store from IC5 to IC6 and some of the differences. 


Let me know if there's anymore specifics you'd like to know.

Richard Templet
End Point Corporation

More information about the interchange-users mailing list