> > > I was just reading everyone's reply and now I am worried I created a > security hole. >
eval will randomly execute ANY externally aquired string and run it with the full power and authority of Perl and your webserver. Nothing but static strings of known perl code should be using eval... actually it is better to just not use eval. Error checking can be done on the fly and code that fails for some reason should end the process. Apache will rekick an instance anyway. > Thanks > > On Tue, May 30, 2017 at 10:04 AM, Dirk-Willem van Gulik < > di...@webweaving.org> wrote: > > > > > > On 30 May 2017, at 16:58, p...@cpan.org wrote: > > > > > > On Tuesday 30 May 2017 15:53:13 James Smith wrote: > > >> String eval should be avoided at all costs [especially if you parse user > > >> input] - functional eval is different - and is a good model for catching > > >> errors etc > > > > > > Yes, string eval should be avoided in all usage. But this discussion was > > > about that functional eval. > > > > Aye - right you are - apologies for causing confusing and missing the (/{. > > > > Dw. > > > > > > -- > Hiram Gibbard > hgibb...@gmail.com > http://hiramgibbard.com -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and and extermination camps, but incompatible with living as a free human being. -RI Safir 2013