PerlMonks  

Re^5: Executing a string as a Perl command

by ctilmes (Priest)
on May 16, 2011 at 10:56 UTC ( #905044=note )


in reply to Re^4: Executing a string as a Perl command
in thread Executing a string as a Perl command

I thought using eval in that way, on a scalar to execute a command, is a NO-NO for security and not best practice! Can't you just use the qx or system call?

You must think about where the scalar came from, and how much you trust that source (taint checking can help you keep track of that, but you still have to think about it), but if you do trust it, it is fine.

You similarly have to think about it if you interpolate it (uselessly) into a string.

Even more so for qx or system.
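
Added example, not part of the original post: a Perl script, meant to be run with `perl -T`, showing how taint mode tracks a scalar that came from outside, refuses to string-eval it, and permits the eval only after an explicit allowlist check. The helper names `try_eval` and `vet_arithmetic`, the sample inputs and the arithmetic-only policy are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example: run as `perl -T taint_eval.pl` (the file name is hypothetical).
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T, data from outside the program (@ARGV, %ENV, STDIN, files) is tainted.
# To stay self-contained, taint constructed strings by appending a zero-length
# piece of an already tainted value ($0 and $^X are tainted in taint mode).
my $TAINT = substr("$0$^X", 0, 0);

# Try a string eval and return (result, error). Taint mode dies instead of
# running tainted code; the outer block eval catches that die.
sub try_eval {
    my ($code) = @_;
    my $result = eval { my $r = eval $code; die $@ if $@; $r };
    return ($result, $@);
}

# The "thinking" step: accept only integer arithmetic. A regex capture is
# untainted, so this pattern *is* the trust decision; keep it narrow.
sub vet_arithmetic {
    my ($text) = @_;
    return $text =~ m{\A([\d\s+*/()-]+)\z} ? $1 : undef;
}

for my $raw ('6 * (3 + 4)', 'print "anything else"') {   # constructed inputs
    my $input = $raw . $TAINT;
    printf "input: %-24s tainted=%d\n", $raw, tainted($input) ? 1 : 0;

    my (undef, $err) = try_eval($input);
    print "  eval of raw input refused: $err" if $err;

    my $vetted = vet_arithmetic($input);
    if (defined $vetted) {
        my ($value, $err2) = try_eval($vetted);
        print "  vetted, tainted=", (tainted($vetted) ? 1 : 0),
              ", eval => ", ($err2 ? "error: $err2" : $value), "\n";
    } else {
        print "  rejected by allowlist, never evaluated\n";
    }
}
```

Taint mode only records that the regex was applied, not whether the pattern was a sound policy, which is why the allowlist here is kept to digits, whitespace and arithmetic operators.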
