Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re^4: Use 'use' in foreach

by haukex (Archbishop)
on Jul 23, 2017 at 20:53 UTC ( [id://1195838]=note: print w/replies, xml ) Need Help??


in reply to Re^3: Use 'use' in foreach
in thread Use 'use' in foreach

it's much the same as saying that DBI is vulnerable by design because putting user-supplied strings into a do() or prepare() call could result in SQL injection

Well, yes and no: I'm saying that yes, it's a security issue like code injection, both in that it should be seriously considered and warned about, but also in that if you are aware of the issues and know what you are doing and can use it safely, then fine. But no, it's not exactly like DBI's API, because apparently Module::Load chose to overload its load function to be able to load both modules and files, which could have been designed differently to avoid this issue.

nobody in their right mind would write code which passed unvalidated user-supplied data to such methods

Well I've seen it done one too many times, and so this statement could also be read with a sarcastic meaning ;-)

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1195838]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chanting in the Monastery: (6)
As of 2024-04-24 08:14 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found