PerlMonks |
Re: Re: Re: Re: Re: How to do that with eval ? by perlmonkey (Hermit)
on Apr 10, 2004 at 19:58 UTC ( [id://344163]=note )
By 'above' I was referring to my previous post. If you run an eval on user input, the user input could be anything. In this case, if the user, instead of entering '>=' like we expect, enters ';`sudo rm -rf /`;' this will make the eval execute this extremely damaging command. For more reasons of how to make sure you are not allowing users to do bad things, please read the perlsec manpage.
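
An added example, not part of the original post: one way to accept a comparison operator from a user without passing the input to string `eval`. The names `%COMPARE` and `compare` are hypothetical, and the sample inputs are constructed.

```perl
use strict;
use warnings;

# Allowlist: each permitted operator maps to a code reference.
# User input is only ever used as a hash key, never compiled as Perl.
my %COMPARE = (
    '>'  => sub { $_[0] >  $_[1] },
    '>=' => sub { $_[0] >= $_[1] },
    '<'  => sub { $_[0] <  $_[1] },
    '<=' => sub { $_[0] <= $_[1] },
    '==' => sub { $_[0] == $_[1] },
    '!=' => sub { $_[0] != $_[1] },
);

# Hypothetical helper: returns 1 or 0 for the comparison and dies on
# any operator outside the allowlist or any non-numeric operand.
sub compare {
    my ($left, $op, $right) = @_;

    my $code = defined $op ? $COMPARE{$op} : undef;
    die "operator not allowed\n" unless $code;

    for my $n ($left, $right) {
        die "operand is not a number\n"
            unless defined $n && $n =~ /\A-?\d+(?:\.\d+)?\z/;
    }
    return $code->($left, $right) ? 1 : 0;
}

# Constructed sample inputs: two expected operators and one string
# that is not an operator at all.
for my $case ( [5, '>=', 3], [2, '==', 7], [5, '>=; print "injected"', 3] ) {
    my ($l, $op, $r) = @$case;

    # Block eval only traps die(); it does not compile any string.
    my $result = eval { compare($l, $op, $r) };

    if (defined $result) {
        print "$l $op $r => $result\n";
    }
    else {
        chomp(my $err = $@);
        print "rejected [$op]: $err\n";
    }
}
```

Running the script under `perl -T` additionally enables the taint checks described in perlsec.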