then it's good rm doesn't work on a macintosh

Todd

On Thu, 10 Jul 1997, Matthias Ulrich Neeracher wrote:

> claes@canit.se (Claes Bjorklund) writes:
> >Is this cgi script dangerous? the idea with the script is to let the
> >www-user do simple mathematics, but I am afraid they can do something
> >dangerous, is there any difference with Unix or Mac?
> >
> >$math = $FORM{'calc'};
> >$res=eval "$math";
> >[...]
>
> This script is very dangerous indeed. Think of what happens if some user
> decides that "unlink" is a mathematical operator! The solution for this is to
> either use the Safe module (but I have never really tried that on MacPerl) or to
> do a sanity check on $math before evaluating it. (Forbidding more than 3
> successive alphabetic characters, for instance, allows sin and cos while
> forbidding most (all?) dangerous operators).
>
> Matthias
>
> -----
> Matthias Neeracher <neeri@iis.ee.ethz.ch> http://www.iis.ee.ethz.ch/~neeri
> "I'm set free to find a new illusion" -- Velvet Underground
>
> ***** Want to unsubscribe from this list?
> ***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch
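Added example, not part of the original thread: the two mitigations mentioned above (a sanity check on the input, then evaluation through the Safe module) combined in one script, with the letter-run heuristic shown beside a stricter allowlist, since a three-letter builtin such as `die` passes the heuristic. The sub names, the `%ALLOWED` function list, the 200-character limit and the sample inputs are assumptions made for this example, and it assumes a Perl on which the Safe module works.

```perl
use strict;
use warnings;
use Safe;

# Assumption: the function names this calculator accepts.
my %ALLOWED = map { $_ => 1 } qw(sin cos sqrt exp log abs int atan2);

# Heuristic from the thread: reject 4 or more successive letters.
sub passes_letter_run_check {
    my ($expr) = @_;
    return $expr !~ /[A-Za-z]{4,}/ ? 1 : 0;
}

# Stricter allowlist: digits, arithmetic punctuation, whitespace, and
# identifiers found in %ALLOWED; anything else is rejected.
sub passes_allowlist {
    my ($expr) = @_;
    return 0 if !defined $expr || $expr eq '' || length($expr) > 200;
    return 0 unless $expr =~ /\A[0-9A-Za-z\s.,+\-*\/%()]+\z/;
    for my $word ($expr =~ /([A-Za-z][A-Za-z0-9]*)/g) {
        return 0 unless $ALLOWED{$word};
    }
    return 1;
}

# Validate first, then evaluate in a Safe compartment as a second layer.
sub safe_calc {
    my ($expr) = @_;
    return (undef, 'rejected by allowlist') unless passes_allowlist($expr);
    my $cpt = Safe->new;          # default mask permits no filesystem or subprocess ops
    $cpt->permit(':base_math');   # adds sin, cos, sqrt, exp, log, atan2 (and rand, srand)
    my $res = $cpt->reval($expr);
    return (undef, "eval failed: $@") if $@;
    return ($res, undef);
}

# Constructed sample inputs ("unlink" is the operator named in the thread).
for my $in ('2*(3+4)', 'sin(0)+cos(0)', q{unlink 'x'}, 'die') {
    my ($res, $err) = safe_calc($in);
    printf "%-14s letter-run=%-4s allowlist=%-4s => %s\n", $in,
        (passes_letter_run_check($in) ? 'pass' : 'fail'),
        (passes_allowlist($in)        ? 'pass' : 'fail'),
        (defined $res ? $res : $err);
}
```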