http://www.perlmonks.org?node_id=905044


in reply to Re^4: Executing a string as a Perl command
in thread Executing a string as a Perl command

I thought using eval in that way, on a scalar to execute a command is a NO-NO for security and not best practice! cant you just use the qx or system call?

You must think about where the scalar came from, and how much you trust that source (taint checking can help you keep track of that, but you still have to think about it), but if you do trust it, it is fine.

You similarly have to think about it if you interpolate it (uselessly) into a string.

Even more so for qx or system.