[cgiapp] Dancer

Mark Stosberg mark at summersault.com
Tue Mar 2 13:38:15 EST 2010


On Thu, 25 Feb 2010 17:51:40 -0600
P Kishor <punk.kish at gmail.com> wrote:

> Following Mark Stosberg's email about PSGI, I decided to poke around a
> bit more, and landed up with Dancer. Color me very impressed.
> 
> Seriously, I have seldom experienced such easy *everything*. Almost
> instant installation via 'sudo cpan Dancer', a simple 'dancer -a
> myapp', and I had a working, nice looking application framework [*]
> with nice URIs and ev'ryting.
> 
> So, my question is thus -- how is Dancer different from CGI::App, and
> why should I use the latter instead of the former? I asked this not
> lightly because I have many years of experience invested in C::A, but
> Dancer truly shows how apps should be.

I had already looked at Dancer myself. As a result, you can see these
entries in the Dancer ChangeLog:

    * Security Fix: protection from CRLF injection in 
      response headers (thanks to Mark Stosberg for the report).
    * Support for multi-valued params in GET/POST data (thanks to
      Mark Stosberg for the report).

So, in a short review, I found that it lacked support for multi-valued
params, and that it had a notable security hole. If you look into it
deeper, what else might you find?

I think it has some nice points, too, but it's not worth switching to
something so new from something proven from years of use to be stable
and reliable.

    Mark




