So when we say "from the internet", does that include intranet? What I have is a form that lists all the members of a group defined in LDAP. The call to get the members for the group is all internal and goes to our company's internal LDAP server. Is that considered "from internet"? I didn't write this app, just trying to make adjustments. Currently if you hit a member of the group that has been terminated/removed from LDAP, the app errors out because it is a member of the group in which it's trying to execute a lookup while listing.

my %member_hash;
my $member_hash;
my $member_Co;
foreach (@memb) {
    # Fetch entry.
    my $entry2 = $m->comp("/widgets/ldap/dn2entry.mpl",
        ldap => $ldap,
        dn   => $_,
        opts => {control => $control},   # Important!
    );
    $member_Co = $entry2->get_value('company');
}

1. Is it a security issue to wrap $entry2 code in an eval { } statement?
2. I'm thinking there is a better way to do this (code wise) because ever since I put the eval {} in place (in dev env), groups with thousands of members take a very long time to display.

here is the code for dn2entry.mpl:

On Tue, May 30, 2017 at 3:13 PM, John Dunlap <j...@lariat.co> wrote:

> Okay, I can see that but we were talking specifically about eval. So, my
> examples were intended to showcase the two ways that eval can be called and
> not how to safely obtain data from the internet.
>
> On Tue, May 30, 2017 at 4:06 PM, Ruben Safir <ru...@mrbrklyn.com> wrote:
>
>> On 05/30/2017 04:04 PM, John Dunlap wrote:
>> > In that example, the contents of $data are never evaluated by eval so
>> > even if it can be "smashed"(whatever that means) eval would have nothing
>> > to do with the failure.
>>
>>
>> it means you're bringing in data without a limit and you can smash the
>> stack like that and I've seen this kind of code do just that.
>>
>> That is not just an issue for eval...
>>
>>
>>
>> --
>> So many immigrant groups have swept through our town
>> that Brooklyn, like Atlantis, reaches mythological
>> proportions in the mind of the world - RI Safir 1998
>> http://www.mrbrklyn.com
>>
>> DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
>> http://www.nylxs.com - Leadership Development in Free Software
>> http://www2.mrbrklyn.com/resources - Unpublished Archive
>> http://www.coinhangout.com - coins!
>> http://www.brooklyn-living.com
>>
>> Being so tracked is for FARM ANIMALS and extermination camps,
>> but incompatible with living as a free human being. -RI Safir 2013
>>
>
>
>
> --
> John Dunlap
> *CTO | Lariat *
>
> *Direct:*
> *j...@lariat.co <j...@lariat.co>*
>
> *Customer Service:*
> 877.268.6667
> supp...@lariat.co
>

--
Hiram Gibbard
hgibb...@gmail.com
http://hiramgibbard.com
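
The block form of eval that this thread is about, shown as an added example (not code from the original message or from the application). The `lookup_entry` sub and the `%directory` data are constructed stand-ins for the dn2entry.mpl component and the LDAP server, and the example assumes the lookup dies when a DN no longer exists.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data standing in for the LDAP directory (assumption).
my %directory = (
    'uid=alice,ou=people,dc=example,dc=com' => { company => 'Example Co' },
    # A value that looks like Perl code; block eval never executes it.
    'uid=bob,ou=people,dc=example,dc=com'   => { company => 'print "not executed"' },
);

# Hypothetical stand-in for dn2entry.mpl: returns the entry or dies
# when the DN has been removed from the directory.
sub lookup_entry {
    my ($dn) = @_;
    my $entry = $directory{$dn}
        or die "No such object: $dn\n";
    return $entry;
}

# Collect the company of every member, skipping DNs that fail to resolve.
sub companies_for {
    my (@dns) = @_;
    my (%company_of, @skipped);
    for my $dn (@dns) {
        # Block eval is compiled with the rest of the file. It only traps
        # exceptions; $dn and the entry values are handled as plain data.
        my $entry = eval { lookup_entry($dn) };
        if (!defined $entry) {
            my $err = $@ || 'unknown error';
            chomp $err;
            push @skipped, "$dn ($err)";
            next;
        }
        $company_of{$dn} = $entry->{company};
    }
    return (\%company_of, \@skipped);
}

my @memb = (
    'uid=alice,ou=people,dc=example,dc=com',
    'uid=terminated,ou=people,dc=example,dc=com',   # removed from the directory
    'uid=bob,ou=people,dc=example,dc=com',
);
my ($company_of, $skipped) = companies_for(@memb);
print "$_ => $company_of->{$_}\n" for sort keys %$company_of;
print "skipped: $_\n" for @$skipped;
```

The string form, `eval $string`, is the one that compiles and runs its argument as Perl, so it is the form to keep away from values read from a directory or a request.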