Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical

Re^5: Executing a string as a Perl command

by ctilmes (Priest)
on May 16, 2011 at 10:56 UTC ( #905044=note: print w/ replies, xml ) Need Help??

in reply to Re^4: Executing a string as a Perl command
in thread Executing a string as a Perl command

I thought using eval in that way, on a scalar to execute a command is a NO-NO for security and not best practice! cant you just use the qx or system call?

You must think about where the scalar came from, and how much you trust that source (taint checking can help you keep track of that, but you still have to think about it), but if you do trust it, it is fine.

You similarly have to think about it if you interpolate it (uselessly) into a string.

Even more so for qx or system.

Comment on Re^5: Executing a string as a Perl command

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://905044]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (4)
As of 2015-11-28 06:23 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (739 votes), past polls