Think about Loose Coupling | |
PerlMonks |
Re (tilly) 1: is I/O checking worth it?by tilly (Archbishop) |
on Jan 14, 2001 at 05:14 UTC ( [id://51669]=note: print w/replies, xml ) | Need Help?? |
The first step if security matters is to read perlsec and
then turn on taint checking. A good step regardless is to have every open test what you did. I believe in doing it like perlstyle says and having the error message include the filename, attempted operation, and $!. If you need to read and write files but don't want to follow symlinks, this can get fairly tricky. The following code (which will fail horribly on systems without symlinks) demonstrates how to do it safely: In general if you need temporary files, do not attempt to roll that yourself. Use File::Temp. Really. Also note that if you are concerned with security then you may want to think about locking. For an example (which could easily be improved) that I came up with a while ago see Simple Locking. With luck this should give you some ideas of how to improve the security of your programs.
In Section
Meditations
|
|