Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Re^3: variable subroutine call

by meraxes (Friar)
on Dec 12, 2007 at 01:33 UTC ( #656533=note: print w/replies, xml ) Need Help??

in reply to Re^2: variable subroutine call
in thread variable subroutine call

Sorry. I guess I should have said it can be dangerous if others have access to it. Perhaps my own prejudices. I tend to be wary of things that execute code (or in this case, arbitrary subroutines) without any checking of the input other than "does the function exist". That's all.


Replies are listed 'Best First'.
Re^4: variable subroutine call
by shmem (Chancellor) on Dec 12, 2007 at 01:40 UTC
    The security issue is "not validating user input" (under certain circumstances) and not "making a string into a subroutine call". If the subroutine cannot be resolved, perl will complain (i.e. die), and done. So "validating user input" doesn't apply in the OP's context.

    It is just what your shell is doing, day in, day out.


    _($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                                  /\_¯/(q    /
    ----------------------------  \__(m.====·.(_("always off the crowd"))."·
    ");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

      Once again, just my paranoia. I dig what you're saying. Perhaps "authorization" is a better representation of what I was thinking. A wee bit beyond the scope of this, yes. Didn't mean to muddy the waters.

      My first job was writing Perl that many other people ran to do their work and I was always conscious of the "damage" they could do with my scripts... so I find myself functioning on paranoia level 42 at all times. ;)

      Obviously this isn't the issue here.


Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://656533]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (6)
As of 2018-05-23 19:04 GMT
Find Nodes?
    Voting Booth?