Re: Re: Laundering tainted 'eval'


go ahead... be a heretic
	PerlMonks

Re: Re: Laundering tainted 'eval'

by ariels (Curate)

on May 11, 2002 at 09:21 UTC ( [id://165856]=note: print w/replies, xml )

Need Help??

in reply to Re: Laundering tainted 'eval'
in thread Laundering tainted 'eval'

But <samp>do EXPR</samp> is an eval! The docs say:

do 'stat.pl';
[download]

is just like

scalar eval `cat stat.pl`;
[download]

...

It goes on to list some differences.

The point about taint mode is not letting your program execute (some, not all!) potentially dangerous operations. Replacing an eval with do doesn't do that...

Comment on Re: Re: Laundering tainted 'eval' Select or Download Code

Replies are listed 'Best First'.
Re: Re: Re: Laundering tainted 'eval' by Mr. Muskrat (Canon) on May 12, 2002 at 21:23 UTC
I never said it wasn't... only why read the file and eval when you can just do it. You save programming time, it's less lines of code, yadda yadda and it just sounds cooler. Who says that programmers can't work in the Marketing Department? Or is that who says that Marketing people can't program?	[reply]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://165856]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others contemplating the Monastery: (2)

As of 2024-04-24 23:04 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found