PerlMonks  

Re: "Dynamic" dispatch tables

by mr_mischief (Prior)
on Apr 29, 2011 at 18:14 UTC (#902052)


in reply to "Dynamic" dispatch tables

All interactive software tends to run different subs based on user input in some way. There's no security issue with that per se. Where there's a security issue is making a system call with user-supplied data or executing code received as user-supplied data. If one of your subroutines makes a change to part of the system outside your program, you need to be very sure what kinds of changes it can make given the inputs which are allowed to change its behavior.


Re^2: "Dynamic" dispatch tables
by elTriberium (Friar) on Apr 29, 2011 at 18:20 UTC
    Right, that's the part where user input becomes code in my original post:
    $dispatch_table{$tc} = sub {eval "tcid_$tc()"},
    $tc is a value entered by the user. I'm dynamically creating the sub name tcid_$tc based on that input. Since this is in an eval, there are of course bad things a user could do here (like supplying --tcid 1;<bad code here>), but since this code will never be released to the public I don't see this as a big issue. And of course I can add some additional parsing for example that a tcid is only \d+ and nothing else.
      Well, if the only people running the code would also have access to alter the code then you're not really protecting the system from anything but an accident.
        OK, good point, thanks.
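
The digits-only check mentioned in the thread, combined with a lookup that never compiles a string, as an added example that is not part of the original posts. The `tcid_1`/`tcid_2` subs and the `resolve_tc`/`run_tc` helpers are hypothetical names, and the sample inputs are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical test-case subs standing in for the poster's tcid_N() routines.
sub tcid_1 { return "ran test case 1" }
sub tcid_2 { return "ran test case 2" }

# Pattern from the thread: the user's string is spliced into Perl source,
# so anything after the digits is compiled and run as code.
#   $dispatch_table{$tc} = sub { eval "tcid_$tc()" };

# Hardened form: validate the id, then resolve the name to a code ref.
# No string is ever compiled, so input can only select an existing sub.
sub resolve_tc {
    my ($tc) = @_;
    return unless defined $tc;
    # \A...\z anchors the whole string; a bare $ would accept a trailing newline.
    return unless $tc =~ /\A([0-9]{1,6})\z/;
    my $name = "tcid_$1";
    # can() looks the name up in the symbol table without evaluating it
    # and returns false when no such sub exists.
    return __PACKAGE__->can($name);
}

sub run_tc {
    my ($tc) = @_;
    my $code = resolve_tc($tc)
        or return "rejected";
    return $code->();
}

# Constructed inputs: two valid ids, an unknown id, the malformed value
# quoted in the thread, and an id with a trailing newline.
for my $input ('1', '2', '99', '1;<bad code here>', "2\n") {
    (my $shown = $input) =~ s/\n/\\n/g;
    printf "%-22s => %s\n", "'$shown'", run_tc($input);
}
```

Only `'1'` and `'2'` reach a sub; the other three inputs are rejected before any code runs.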
