Using eval is an unacceptable security bug for all online and public
access programs that acquire data from external non-secured sources.



On Tue, May 30, 2017 at 09:39:53AM -0400, John Dunlap wrote:
> Yes, I do that extensively and it works perfectly. It's as close to a true
> Try/Catch block as we have in the perl world. However, I *usually* do not
> return values from it because I use this construct to control my database
> transaction demarcation and using the return value from outside of the eval
> wouldn't be inside the transaction. With that said, I have had to do it
> from time to time and it works just fine. Also, it is advisable to copy the
> contents of $@ into a separate variable immediately. My understanding is
> that this can prevent some weird concurrency issues, under some conditions.
> My general form looks something like this,
> 
> my $return = eval {
>     # BEGIN DATABASE TRANSACTION
> 
>     # DO SOME STUFF
> 
>     # COMMIT DATA BASE TRANSACTION
> 
>     return 'SOME VALUE';
> };
> 
> if ($@) {
>     my $error = $@;
> 
>     # ROLLBACK DATABASE TRANSACTION
> 
>     # LOG ERROR
> }
> 
> 
> On Tue, May 30, 2017 at 4:47 AM, James Smith <j...@sanger.ac.uk> wrote:
> 
> > Not really a mod_perl question but you can always wrap your method call in
> > an eval
> >
> > my $ret = eval { $m->...() };
> >
> > And then check $@ for the error message
> >
> >
> > On 2017-05-26 02:08 AM, Peng Yonghua wrote:
> >
> >> greeting,
> >>
> >> I am not so good at perl/modperl,:)
> >>
> >> In the handler, a method from a class was called, when something dies
> >> from within the method, what's the correct way the handler will take?
> >>
> >> for example, I wrote this API which works right if given a correct domain
> >> name:
> >>
> >> http://fenghe.org/domain/?d=yahoo.com
> >>
> >> server response:
> >> var data={"registration":"domain may be taken","domain":"yahoo.com"}
> >>
> >> If given a wrong domain name:
> >>
> >> http://fenghe.org/domain/?d=yahoo.nonexist
> >>
> >> The server returns 500.
> >>
> >> This is because, in the handler, I used this module (also written by me):
> >>
> >> http://search.cpan.org/~pyh/Net-Domain-Registration-Check-0.03/lib/Net/Domain/Registration/Check.pm
> >>
> >> And in the module, a croak like this happened,
> >>
> >> croak "domain TLD not exists" unless tld_exists($tld);
> >>
> >> When handler meets the croak, it dies (I guess) and server returns 500.
> >>
> >> How will I make the full system work right? fix on handler, or the module
> >> itself?
> >>
> >> Thanks.
> >>
> >
> >
> >
> > --
> > The Wellcome Trust Sanger Institute is operated by Genome Research
> > Limited, a charity registered in England with number 1021457 and a company
> > registered in England with number 2742969, whose registered office is 215
> > Euston Road, London, NW1 2BE.
> 
> 
> 
> 
> -- 
> John Dunlap
> *CTO | Lariat *
> 
> *Direct:*
> *j...@lariat.co <j...@lariat.co>*
> 
> *Customer Service:*
> 877.268.6667
> supp...@lariat.co



-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive 
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
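
The block-eval pattern discussed in this thread, as an added example that is not part of any poster's message: a block eval traps the croak and treats the request value purely as data, whereas the string form of eval compiles its argument as Perl code. The names check_domain, handle_request and %KNOWN_TLD and the status codes are assumptions made for illustration, not the module's or the handler's real code.

```perl
use strict;
use warnings;
use Carp qw(croak);

# Constructed stand-in for the module's TLD table (not the real list).
my %KNOWN_TLD = map { $_ => 1 } qw(com org net);

# Hypothetical stand-in for the module method: croaks on an unknown TLD.
sub check_domain {
    my ($domain) = @_;
    my ($tld) = $domain =~ /\.([A-Za-z0-9-]+)\z/
        or croak "domain has no TLD";
    croak "domain TLD not exists" unless $KNOWN_TLD{ lc $tld };
    return { domain => $domain, registration => 'domain may be taken' };
}

# Hypothetical handler body: returns (status, body) so a die() inside the
# module becomes a controlled response instead of a 500.
sub handle_request {
    my ($domain) = @_;
    my $result;

    # Block eval: the body is compiled with the rest of the program and
    # $domain is only ever data. The string form, eval $string, compiles its
    # argument as Perl and must never be given request data.
    my $ok = eval {
        $result = check_domain($domain);
        1;    # true on success, so failure is detected without relying on $@
    };

    unless ($ok) {
        my $error = $@ || 'unknown error';    # copy $@ before anything resets it
        warn "domain check failed: $error";   # detail goes to the error log only
        return (400, 'invalid domain');       # generic message for the client
    }
    return (200, "$result->{domain}: $result->{registration}");
}

# Constructed inputs taken from the two requests in the thread.
for my $d ('yahoo.com', 'yahoo.nonexist') {
    my ($status, $body) = handle_request($d);
    printf "%s: %d %s\n", $d, $status, $body;
}
```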
