Re^2: I failed today

by atcroft (Abbot)
on May 27, 2023 at 05:15 UTC


in reply to Re: I failed today
in thread I failed today

I'm no fan of Python myself, but as most of us have seen Perl (mis-)features or improper usage used as examples of why not to use Perl, I feel someone should be intellectually honest enough to call the same when applied elsewhere. In the example given, this is the use of a poorly-named feature that somehow survived in versions of Python prior to the 3.x series.

In the 2.7.18 documentation, it says that input([prompt]) is the equivalent of eval(raw_input([prompt])), and to consider using the raw_input() function for general input from users. Their eval() is similar to our string eval() function, so I ask the question -- If you were writing a Perl script and accepting credentials, can you think of a valid reason to pass the user's input immediately through a string eval? (If you're writing a program that needs to be security-conscious, I expect some thought on the functions one calls, and honest research when testing shows something misbehaving (it was tested, right?).)

Re^3: I failed today
by bliako (Abbot) on May 27, 2023 at 17:45 UTC
    so I ask the question -- If you were writing a Perl script and accepting credentials, can you think of a valid reason to pass the user's input immediately through a string eval?

    Of course not.

    Whereas Perl reminds us all the time that accepting unchecked user input is bad practice. And, god forbid, eval()'ing unchecked user input is criminal, Python decides to name the input+eval function input() and the sane just-input function as ... raw_input(). Why penalise the sane and common practice with more keystrokes? But you are right that reading the documentation is key to avoid input() misbehaving and falling into this trap.
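
Added example, not part of either post above: a Python 3 emulation of the behaviour the quoted 2.7.18 documentation describes (input() as eval(raw_input())), placed beside a check that treats the typed text purely as data. The names STORED_PASSWORD, py2_style_input, check_with_eval and check_raw, and the sample secret, are constructed for illustration.

```python
import hmac

STORED_PASSWORD = "hunter2-constructed"  # constructed sample secret


def py2_style_input(typed, scope):
    """Emulate Python 2 input(): the typed line is evaluated as an expression.

    Builtins are emptied only to keep this demo inert; that is not a sandbox.
    """
    return eval(typed, {"__builtins__": {}}, scope)


def check_with_eval(typed):
    """Vulnerable pattern: the credential passes through eval before comparison."""
    scope = {"STORED_PASSWORD": STORED_PASSWORD}  # names visible to the login code
    try:
        candidate = py2_style_input(typed, scope)
    except Exception:
        # Plain text that is not a valid expression raises instead of comparing.
        return False
    return candidate == STORED_PASSWORD


def check_raw(typed):
    """Hardened pattern: raw_input() in 2.x / input() in 3.x, text stays data."""
    return hmac.compare_digest(typed.encode(), STORED_PASSWORD.encode())


if __name__ == "__main__":
    for typed in ("hunter2-constructed", '"hunter2-constructed"', "STORED_PASSWORD"):
        print(repr(typed), "eval:", check_with_eval(typed), "raw:", check_raw(typed))
```

With the eval path, the correct password typed plainly is rejected (it parses as a subtraction of two undefined names), while an expression naming the variable is accepted; the raw path behaves the other way round in both cases.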
