How does using 'require' differ from using 'eval'? The documentation
of 'require' states that it is fundamentally a fancy 'do',
which is just another way of saying 'eval'. It's not the
"catching errors" part that worries people. It's the fact
that your required file could contain stuff you didn't
expect, such as a program to send your password file to
some remote system.

All in all, it is probably best to not require, include, or
in any way run code that is arbitrary. 'use', being a compile-time
thing (outside of eval, of course), is a lot safer
since the code can't really be modified while the program is

However, if you are operating in a "clean room" environment,
such as a dedicated server with strictly controlled access,
where the output from Data::Dumper cannot be tampered with
in any conceivable way, I would say that eval'ing that
code is not as risky as some would have you believe.
The real risk comes from running on shared systems with untrusted
users who may be able to "deposit" files in your dump directory
since they are using the same Web server user (i.e. nobody)
and then are able to execute arbitrary code.
In reply to Re^2: Undumper
in thread Undumper
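
The concern in the post above, shown as an added example that is not part of the original post or thread: Data::Dumper text is loaded inside a Safe compartment rather than with a bare eval, do or require, so a tampered dump that tries to run a command is refused at compile time. The sub name `undump_restricted` and both sample dumps are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): restricted loading of Data::Dumper
# output, as an alternative to eval/do/require on a file others may replace.
use strict;
use warnings;
use Safe;

# Evaluate dump text with only Safe's default opcode set permitted.
# Returns ($data, undef) on success, or (undef, $error) when the text
# fails to compile, dies, or uses a masked operation.
sub undump_restricted {    # hypothetical helper name
    my ($text) = @_;
    my $cpt  = Safe->new;             # default mask excludes system, exec, open, ...
    my $data = $cpt->reval($text);    # sets $@ on any failure
    return (undef, $@) if $@;
    return (undef, "dump did not yield a reference") unless ref $data;
    return ($data, undef);
}

# Constructed sample inputs: a normal dump and one with a command prepended.
my $good = q{$VAR1 = { 'user' => 'alice', 'roles' => [ 'admin', 'dev' ] };};
my $bad  = q{system('echo injected'); $VAR1 = { 'user' => 'alice' };};

for my $case ([ good => $good ], [ tampered => $bad ]) {
    my ($name, $text) = @$case;
    my ($data, $err) = undump_restricted($text);
    if (defined $err) {
        $err =~ s/\s+\z//;            # trim the trailing newline from $@
        print "$name: rejected ($err)\n";
    }
    else {
        print "$name: loaded, user=$data->{user}\n";
    }
}
```

Safe narrows which operations the dump text may perform; it is not a complete sandbox, so keeping the dump directory writable only by the owning process still matters.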