[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] How do you use Safe.pm?

To: mac-perl@iis.ee.ethz.ch
Subject: Re: [MacPerl] How do you use Safe.pm?
From: "Mark F. Murphy" <markm@powerperl.com>
Date: Thu, 23 Oct 1997 08:54:12 -0700
In-Reply-To: <344F0BBA.75587CE4@club-internet.fr>

At 9:33 AM +0100 10/23/97, Philippe de Rochambeau wrote:
>I have read in various Perl books that eval should be used in CGI
>scripts because they are unsafe.

Eval's not unsafe for common CGI stuff.  It's unsafe if you get code from
*outside* your own safe environment and try to eval it.  In other words...
if you get a string from *somewhere* and eval it it... you have no idea
what the outside source is having you eval.

However since you're using known options, I don't see anything too
dangerous in your example.

You might want to simply double check that your $opHeight is one of your
valid ops (<,>,=) and double check $myheight and $height are numbers so
your eval doesn't error.

>I have also read that Safe.pm can help
>alleviate this problem. However, documentation on Safe.pm is scarce in
>books, on the Net, and elsewhere, and detailled examples almost non
>existent.

I use Safe.pm extensively in my product.  For your example, I think Safe
would be overkill.

mark

PowerPerl(tm),  mailto:info@powerperl.com   http://www.powerperl.com
       A product of Tyrell Software Corp.   http://www.tyrell.com

***** Want to unsubscribe from this list?
***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch

References:
- [MacPerl] How do you use Safe.pm?
  - From: Philippe de Rochambeau <pr1@club-internet.fr>

Prev by Date: [MacPerl] Help Request
Next by Date: Re: [MacPerl] MacPerl interfaces
Prev by thread: [MacPerl] How do you use Safe.pm?
Next by thread: Re: [MacPerl] How do you use Safe.pm?
Navigation: Date Index | Thread Index | Search | Other lists at bumppo.net