HOWEVER, it's exceedingly dangerous to take arguments from STDIN to run a routine unless ya know where they're coming from. Potential security hazard.

Care to elaborate a bit? I am running it, and it is my input, so I know where it is coming from: from me. And if I am not trustworthy for myself, who is?

What you say only applies (sometimes) when the program is running on behalf of somebody else (e.g. setuid).

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Sorry. I guess I should have said it can be dangerous if others have access to it. Perhaps my own prejudices. I tend to be wary of things that execute code (or in this case, arbitrary subroutines) without any checking of the input other than "does the function exist". That's all.

--
meraxes

The security issue is "not validating user input" (under certain circumstances) and not "making a string into a subroutine call". If the subroutine cannot be resolved, perl will complain (i.e. die), and done. So "validating user input" doesn't apply in the OP's context.

It is just what your shell is doing, day in, day out.

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

I am running it, and it is my input, so I know where it is coming from: from me. And if I am not trustworthy for myself, who is?

That sums up the situation nicely. Often times it is precisely because I am running it and it is my input that problems occur. I'm the last person I would trust.

I'm with meraxes on this one but of course ymmv. :-)