Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Re: Two-arg open() considered dangerous

by rob_au (Abbot)
on Dec 12, 2001 at 05:11 UTC ( #131132=note: print w/ replies, xml ) Need Help??


in reply to Two-arg open() considered dangerous

For the most part, doesn't this "security danger" simply come down more to the vetting of parameters passed to functions, rather than the functions themselves? I mean, with the use of taint mode (-T), such an open statement would not be allowed as it (presumably) represents a passed parameter which has not been vetted prior to its passing onto open.

I do however agree with you most heartedly on the matter of sysopen() - A most underused and useful function ...

 

perl -e 's&&rob@cowsnet.com.au&&&split/[@.]/&&s&.com.&_&&&print'


Comment on Re: Two-arg open() considered dangerous
Select or Download Code
Re: Re: Two-arg open() considered dangerous
by chip (Curate) on Dec 13, 2001 at 00:22 UTC
    Good engineering is sometimes about minimizing the likelihood of something bad happening. Compare the legal concept of "attractive nuisance": If you have a swimming pool in your back yard, you're responsible for putting a reasonable fence around it. Those who design programming languages and other interfaces aren't doing their work very well when they create new and easier opportunities for self-fornication.

        -- Chip Salzenberg, Free-Floating Agent of Chaos

      I have to say that I disagree with you here chip - The concept that the language designers should limit an interface to shield even only potentially unfriendly arguments, particularly where such arguments may be perfectly valid (as described by merlyn above), is in itself flawed. Perl has always been described as "providing enough rope to hang yourself with" - I would much rather take those steps of good engineering than sacrifice any power within the underlying language interface.

       

      perl -e 's&&rob@cowsnet.com.au&&&split/[@.]/&&s&.com.&_&&&print'

        Well of course there's a balance, rob. But I'm rather tired of excuses for poor design decisions that make writing robust software more difficult without any real gains.

        Why couldn't three-arg open have been in Perl from the start of its being a full language, i.e. 3.0 or so? It should have been.

            -- Chip Salzenberg, Free-Floating Agent of Chaos

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://131132]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (6)
As of 2014-09-02 06:18 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite cookbook is:










    Results (20 votes), past polls