http://www.perlmonks.org?node_id=600869


in reply to Re^3: how would you detect a math expression
in thread how would you detect a math expression

Even with the double fork and chroot there're still a lot of potential security holes which are open, for example consider the following two fairly common attacks for a couple off the top of my head:

Basically this is the Whack-A-Mole kind of thing where you think of two avenues of attack and block them, the attacker thinks of a third and causes you pain.

The kind of security provided by the Safe module could be a step in the right direction but that'd need careful config, whereas the route means that the operations the user can execute are strictly restricted to a known-safe subset, and also means that the user can enter terms such as '2x2.23kg in lbs' which'd never run in Perl even with constants carefully defined.
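
An added example, not part of the original post: a small Perl evaluator that tokenises against an allowlist and walks its own grammar, so user input is never handed to `eval` and only the listed operations can run. The grammar, the unit table and the names `safe_calc`, `_expr` and `_factor` are assumptions made for this example; the post does not specify them.

```perl
use strict; use warnings;

# Constructed tables (assumptions of this example): mass units in kilograms, operator precedence.
my %KG_PER = (kg => 1, g => 0.001, lb => 0.45359237, lbs => 0.45359237);
my %PREC   = ('+' => 1, '-' => 1, '*' => 2, 'x' => 2, '/' => 2);

# factor := number | '(' expr ')' | '-' factor      query := expr unit? ('in' unit)?
sub _factor {
    my ($t) = @_;
    my $tok = shift(@$t) // die "unexpected end of input\n";
    return 0 - _factor($t) if $tok eq '-';
    return $tok + 0 if $tok =~ /^\d/;
    $tok eq '(' or die "unexpected token '$tok'\n";    # names and stray operators stop here
    my $v = _expr($t, 1);
    (shift(@$t) // '') eq ')' or die "missing ')'\n";
    return $v;
}
sub _expr {                                            # precedence climbing, left-associative
    my ($t, $min) = @_;
    my $v = _factor($t);
    while (@$t && ($PREC{ $t->[0] } // 0) >= $min) {
        my $op = shift @$t;
        my $r  = _expr($t, $PREC{$op} + 1);
        $v = $op eq '+' ? $v + $r : $op eq '-' ? $v - $r : $op eq '/' ? $v / $r : $v * $r;
    }
    return $v;
}
sub safe_calc {
    my $input = lc($_[0] // '');
    die "input too long\n" if length($input) > 80;    # bounds recursion depth and work
    my @tok;
    pos($input) = 0;
    push @tok, $1 while $input =~ m{\G\s*(\d+(?:\.\d+)?|[-+*/()]|[a-z]+)}gc;
    $input =~ /\G\s*\z/gc or die "illegal character near offset " . pos($input) . "\n";
    my $v = _expr(\@tok, 1);
    if (@tok && exists $KG_PER{ $tok[0] }) {           # optional unit, then optional "in <unit>"
        $v *= $KG_PER{ shift(@tok) };
        $v /= $KG_PER{ (splice(@tok, 0, 2))[1] }
            if @tok >= 2 && $tok[0] eq 'in' && exists $KG_PER{ $tok[1] };
    }
    die "unexpected token '$tok[0]'\n" if @tok;
    return $v;
}

# Constructed sample inputs; the block eval below only traps die, it never compiles input.
for my $q ('2x2.23kg in lbs', '(1+2)*3', 'print 1', '2**1000') {
    my $r = eval { safe_calc($q) };
    printf "%-18s => %s", $q, defined $r ? "$r\n" : "rejected: $@";
}
```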