http://www.perlmonks.org?node_id=782941


in reply to Re: How to change the scalar value to some other context.
in thread How to change the scalar value to some other context.

Is it a secure method to use the eval function?

Re^3: How to change the scalar value to some other context.
by ig (Vicar) on Jul 24, 2009 at 12:05 UTC
    Is it a secure method to use the eval function?

    That is an excellent question. The short answer is: no.

    The eval function will parse and execute arbitrary code. Therefore, it is quite dangerous.

    Your program can still be secure if it ensures that the eval function will only evaluate "safe" code. To do this, you must carefully screen all inputs that go into the code the eval function evaluates. You might find perlsec and the 'taint' mode it describes helpful.
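One way to do the screening described in the reply above, as an added example that is not part of the original post: an allow-list check in front of a string eval that only accepts simple arithmetic. The names `screen_expression` and `safe_calc` and the sample inputs are constructed for illustration; the regex capture is also the untainting step perlsec describes, so the script works unchanged under `perl -T`.

```perl
#!/usr/bin/perl
# Run as: perl -T calc.pl '2 * (3 + 4)'   (the file name is hypothetical)
# Under -T, @ARGV is tainted and eval refuses tainted strings until screened.
use strict;
use warnings;

# Allow-list screen: digits, whitespace, '.', parentheses and + - * / only.
# Letters, quotes, sigils, semicolons and backticks never match, so function
# calls, variables and shell commands cannot reach eval.
sub screen_expression {
    my ($input) = @_;
    return unless defined $input && length($input) <= 100;
    # Returning the capture ($1) rather than $input is what untaints the value.
    return $1 if $input =~ m{\A([\d\s.()+\-*/]+)\z}a;
    return;
}

# Evaluate one expression; returns (value, undef) or (undef, reason).
sub safe_calc {
    my ($input) = @_;
    my $expr = screen_expression($input);
    return (undef, 'rejected by screen') unless defined $expr;

    my $value = eval $expr;    # string eval, reached only by screened text
    if ($@ or not defined $value) {
        my $why = $@ || 'no value';
        $why =~ s/ at \(eval.*//s;    # trim the "at (eval N) line N" suffix
        return (undef, "eval failed: $why");
    }
    return ($value, undef);
}

# Constructed sample inputs, used when no arguments are given.
my @inputs = @ARGV ? @ARGV : (
    '2 * (3 + 4)',       # accepted
    '10 / 4',            # accepted
    '1 / 0',             # passes the screen, fails inside eval
    '2 +',               # passes the screen, syntax error inside eval
    'system("id")',      # rejected: letters and quotes
    '$ENV{HOME}',        # rejected: sigil and braces
);

for my $input (@inputs) {
    my ($value, $err) = safe_calc($input);
    printf "%-14s => %s\n", $input, defined $value ? $value : "ERROR ($err)";
}
```

The screen decides what may reach eval; the `$@` check afterwards only handles expressions that are harmless but malformed.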