humbledisciple has asked for the wisdom of the Perl Monks concerning the following question:
I know, but it can't be avoided. I need to allow a user, novice or experienced (even with malicious intent), to input a Perl expression or program and have it run over a string.
Here's the setup. This is done in a web context where the user can enter a simple or complex Perl program. I will feed the user's program an input string and it should return an output string back to me.
Obviously, I don't want the user to trash my hard drive, open files, etc. Should the eval operation be wrapped in an exception handler? Can I restrict the access to my file system? Is there a way to prevent the user from running an infinite loop expression and thus bringing my server to a halt?