
Re: [MacPerl] How do you use Safe.pm?



At 9:33 AM +0100 10/23/97, Philippe de Rochambeau wrote:
>I have read in various Perl books that eval should be used in CGI
>scripts because they are unsafe.

Eval's not unsafe for common CGI stuff.  It's unsafe if you get code from
*outside* your own safe environment and try to eval it.  In other words...
if you get a string from *somewhere* and eval it... you have no idea
what the outside source is having you eval.

However since you're using known options, I don't see anything too
dangerous in your example.

You might want to simply double check that your $opHeight is one of your
valid ops (<,>,=) and double check $myheight and $height are numbers so
your eval doesn't error.

>I have also read that Safe.pm can help
>alleviate this problem. However, documentation on Safe.pm is scarce in
>books, on the Net, and elsewhere, and detailed examples almost
>nonexistent.

I use Safe.pm extensively in my product.  For your example, I think Safe
would be overkill.

mark

PowerPerl(tm),  mailto:info@powerperl.com   http://www.powerperl.com
       A product of Tyrell Software Corp.   http://www.tyrell.com
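
The check suggested in the reply above, as an added example that is not part of the original post: the operator is matched against an allowlist and both values must be plain numbers before anything reaches eval. The original script is not shown in this message, so the sub names, the sample inputs and the mapping of "=" to Perl's "==" are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist: operator from the form => Perl numeric comparison.
# Assumption: "=" means numeric equality, so it maps to "==".
my %VALID_OP = ('<' => '<', '>' => '>', '=' => '==');

# Plain decimal numbers only. \A and \z anchor the whole string, so a
# trailing newline is rejected (a bare $ would let "175\n" through).
# Leading zeros are refused because eval would read "010" as octal.
sub is_number {
    my ($v) = @_;
    return defined $v && $v =~ /\A-?(?:0|[1-9]\d*)(?:\.\d+)?\z/;
}

# Returns 1 or 0 for the comparison, or undef if any input is rejected.
sub compare_height {
    my ($myheight, $opHeight, $height) = @_;
    return unless defined $opHeight && exists $VALID_OP{$opHeight};
    return unless is_number($myheight) && is_number($height);

    # Every part of the string is now a checked number or an
    # allowlisted operator, so eval only sees known content.
    my $result = eval "$myheight $VALID_OP{$opHeight} $height";
    return if $@;
    return $result ? 1 : 0;
}

# Constructed sample inputs: [myheight, opHeight, height]
my @samples = (
    [ '180',    '>',  '175'   ],   # valid, true
    [ '170',    '=',  '170'   ],   # valid, "=" becomes "=="
    [ '170',    '<',  '165'   ],   # valid, false
    [ '170',    '!=', '175'   ],   # operator not in the allowlist
    [ '170 cm', '<',  '175'   ],   # not a plain number
    [ '170',    '<',  "175\n" ],   # trailing newline
    [ '010',    '>',  '9'     ],   # leading zero
);

for my $s (@samples) {
    my $r = compare_height(@$s);
    (my $shown = join ' ', @$s) =~ s/\n/\\n/g;
    printf "%-14s => %s\n", $shown, defined $r ? $r : 'rejected';
}
```

Once the inputs are checked this way, the same comparison can also be done without eval by looking the operator up in a hash of code references.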


