Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re^2: Is this reliable way to cast from BOOL to NUMBER?

by misterperl (Sexton)
on Feb 18, 2013 at 16:57 UTC ( #1019368=note: print w/ replies, xml ) Need Help??


in reply to Re: Is this reliable?
in thread Is this reliable?

Many thanks Monks (and a bow)- your knowledge of internals is awe-inspiriing, and in my case perhaps a bit of a consolation. For now based on your findings, I'll go with 0 and 1 will be my cast-value from bool to int.

I also tried it with a regex and that ALSO yielded 0 and 1 (yay).

I'd actually considered using ? : construct, and may end up with that, but I'm hoping I don't have to.

Here my issue- I'm sort of allowing web users to *write psuedo-perl* , which I convert into actual Perl, then eval. I want to only yield them a very tiny subset of commands- mostly along the lines of doing math, or setting values on values in only one hash. So I didn't want to let them deviate too far even into conditionals. All of course for obvious security reasons..

Thanks * 10 !


Comment on Re^2: Is this reliable way to cast from BOOL to NUMBER?
Replies are listed 'Best First'.
Re^3: Is this reliable way to cast from BOOL to NUMBER?
by tobyink (Abbot) on Feb 18, 2013 at 17:13 UTC

    Personally I'd get them to write an entirely different scripting language and then either write a parser/interpreter for that scripting language, or use an off the shelf one (like JE for Javascript).

    package Cow { use Moo; has name => (is => 'lazy', default => sub { 'Mooington' }) } say Cow->new->name
Re^3: Is this reliable way to cast from BOOL to NUMBER?
by jethro (Monsignor) on Feb 18, 2013 at 17:18 UTC
    Oh yeah, did something similar a few years ago and line input '<>' and Here-doc '<<' operators were the obvious trouble makers. Since I only allowed simple arithemtic constructs I could get by with regexes to police the code but I never trusted that completely.
Re^3: Is this reliable way to cast from BOOL to NUMBER?
by AnomalousMonk (Abbot) on Feb 18, 2013 at 17:12 UTC
    ... for obvious security reasons..

    Ah, the ever-reliable "Security Through Obscurity" strategy!

Re^3: Is this reliable way to cast from BOOL to NUMBER?
by aitap (Deacon) on Feb 18, 2013 at 17:04 UTC
    You can try Safe for restricting string eval but remember that there is no warranty of 100% safety. A bug in Perl or in this module can lead to a security hole.
    Sorry if my advice was wrong.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1019368]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (15)
As of 2015-07-31 16:26 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (279 votes), past polls