Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Re: Test regex compile

by SavannahLion (Pilgrim)
on May 14, 2004 at 02:51 UTC ( [id://353257] : note . print w/replies, xml ) Need Help??

in reply to Test regex compile

I'm just asking for two cents here, since I don't really know the full circumstances of this situation. But I'm writing because someone mentioned accepting regexs through a database.

In a worst case scenario, isn't this kind of asking for trouble? What if someone wanted to insert malicious code into this running script? Granted, I really don't know the full implications of using an Eval block to run unknown code, but wouldn't using Reval be a bit more desirable with something like this? I'm just thinking in terms of reducing the amount of risk present to a computer.

If I'm way off base here, I'd appreciate some clarification on this. Whenever I thought I had an excuse to use an Eval, I always found a much better way through refactoring. :)

Thanks for your patience.
Prove your knowledge @ HLPD

Replies are listed 'Best First'.
Re: Re: Test regex compile
by ozone (Friar) on May 14, 2004 at 09:35 UTC
    Agreed. Running eval on untrusted input is a recipe for disaster!

    Using Taint would be a very good idea, although I'm not sure how you'd make a regex that correctly extracts a regex :-)