Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re^2: Is this reliable way to cast from BOOL to NUMBER?

by misterperl (Pilgrim)
on Feb 18, 2013 at 16:57 UTC ( [id://1019368]=note: print w/replies, xml ) Need Help??


in reply to Re: Is this reliable?
in thread Is this reliable?

Many thanks Monks (and a bow)- your knowledge of internals is awe-inspiriing, and in my case perhaps a bit of a consolation. For now based on your findings, I'll go with 0 and 1 will be my cast-value from bool to int.

I also tried it with a regex and that ALSO yielded 0 and 1 (yay).

I'd actually considered using ? : construct, and may end up with that, but I'm hoping I don't have to.

Here my issue- I'm sort of allowing web users to *write psuedo-perl* , which I convert into actual Perl, then eval. I want to only yield them a very tiny subset of commands- mostly along the lines of doing math, or setting values on values in only one hash. So I didn't want to let them deviate too far even into conditionals. All of course for obvious security reasons..

Thanks * 10 !
  • Comment on Re^2: Is this reliable way to cast from BOOL to NUMBER?

Replies are listed 'Best First'.
Re^3: Is this reliable way to cast from BOOL to NUMBER?
by tobyink (Canon) on Feb 18, 2013 at 17:13 UTC

    Personally I'd get them to write an entirely different scripting language and then either write a parser/interpreter for that scripting language, or use an off the shelf one (like JE for Javascript).

    package Cow { use Moo; has name => (is => 'lazy', default => sub { 'Mooington' }) } say Cow->new->name
[reply]
Re^3: Is this reliable way to cast from BOOL to NUMBER?
by jethro (Monsignor) on Feb 18, 2013 at 17:18 UTC
    Oh yeah, did something similar a few years ago and line input '<>' and Here-doc '<<' operators were the obvious trouble makers. Since I only allowed simple arithemtic constructs I could get by with regexes to police the code but I never trusted that completely.
[reply]
Re^3: Is this reliable way to cast from BOOL to NUMBER?
by AnomalousMonk (Archbishop) on Feb 18, 2013 at 17:12 UTC
    ... for obvious security reasons..

    Ah, the ever-reliable "Security Through Obscurity" strategy!

[reply]
Re^3: Is this reliable way to cast from BOOL to NUMBER?
by aitap (Curate) on Feb 18, 2013 at 17:04 UTC
    You can try Safe for restricting string eval but remember that there is no warranty of 100% safety. A bug in Perl or in this module can lead to a security hole.
    Sorry if my advice was wrong.
[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1019368]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others browsing the Monastery: (7)
As of 2024-04-16 07:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found