PerlMonks  

Re: Dynamic Variable Names?

by Abigail-II (Bishop)
on Jul 23, 2002 at 15:58 UTC


in reply to Re: Dynamic Variable Names?
in thread Dynamic Variable Names?

Except for the fact that the eval contains a syntax error (you'd need to escape the @), what makes you think the eval is unsafe? There's no data coming from the outside. The eval is as safe as any other code from the programmer.

There's a lot that can be argued against "variable names inside variable names", but security is only an argument if you use data from the untrusted environment as variable names.

Abigail

Replies are listed 'Best First'.
Re: Re: Dynamic Variable Names?
by Anonymous Monk on Jul 23, 2002 at 23:41 UTC
    ... but security is only an argument if you use data from the untrusted environment as variable names.

    Really?

    Whenever code does not behave as expected, there is a real possibility of an unexpected consequence that compromises security. Therefore any programming practice that leads to bugs is also a source of potential security flaws, even if it is not obvious how to get there.

      The only coding practice that doesn't lead to bugs is to not code at all. eval()s are as dangerous as code written with vi - you can make the same mistakes.

      Abigail

        You can make the same mistakes with any coding practice - agreed. Which leads to the question of how often you make them, and how quickly you catch them.

        I submit that liberal usage of eval for most people leads to more mistakes, and more difficulty in tracking them down and debugging them. (Particularly if you don't religiously check $@.) Given its power it is sometimes worth going there. But not when there are built-in constructs for doing the same thing you are trying to do.
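
An added example, not code from any post in this thread: it contrasts a string eval that builds a variable name from input with a plain hash, and shows what checking `$@` catches and what it does not. The input list, the sub names and the `$touched` marker are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: names as they might arrive from outside the program.
my @requested = (
    'colour',                        # a plain identifier
    'bad name',                      # not valid Perl: eval fails, $@ is set
    'x; $main::touched = 1; $y',     # valid Perl: eval succeeds, $@ stays empty
);

our $touched = 0;    # becomes 1 only if a name was executed as code

# String eval: the name becomes part of the program text.
sub set_with_eval {
    my ($name, $value) = @_;
    no strict 'vars';
    no warnings;
    # The sigils are escaped so that only $name is interpolated into the code.
    my $ok = eval "\$$name = \$value; 1";
    return 'ok' if $ok;
    chomp(my $err = $@);
    return "failed: $err";
}

# Built-in construct: the name is a hash key, so it is only ever data.
my %var;
sub set_with_hash {
    my ($name, $value) = @_;
    $var{$name} = $value;
    return 'ok';
}

for my $name (@requested) {
    printf "eval  %-30s %s\n", "'$name'", set_with_eval($name, 42);
}
print "touched after eval version: $touched\n\n";

$touched = 0;
for my $name (@requested) {
    printf "hash  %-30s %s\n", "'$name'", set_with_hash($name, 42);
}
print "touched after hash version: $touched\n";
print "hash keys stored: ", scalar(keys %var), "\n";
```

Checking `$@` reports the second name as a syntax error, but the third name compiles cleanly, so the eval version reports success while running the extra statement; the hash version stores all three strings as keys and runs nothing.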
