Re: Re: Re: How to do that with eval ?

in reply to Re: Re: How to do that with eval ?
in thread How to do that with eval ?

Absolutely. If the above script was a cgi, you might as well reformat your disk now. If the script is meant to be a 'quick hack', evals work, they work well, and with minimal coding.

I have used unsafe hacks like this for my personal dirty scripts because I dont have the time, inclination, or need to make them luser or h4x0r safe.

As tachyon says, never use eval on user input unless this is intended to be a 'dirty quick hack'.

Comment on Re: Re: Re: How to do that with eval ?

Replies are listed 'Best First'.
Re: Re: Re: Re: How to do that with eval ? by Hissingsid (Sexton) on Apr 10, 2004 at 08:34 UTC
>>"Absolutely. If the above script was a cgi, you might as well reformat your disk now. If the script is meant to be a 'quick hack', evals work, they work well, and with minimal coding." Hi, In the interests of clarity I'd be grateful if you could make it absolutely clear which of the "above" scripts you are referring to. I'm trying to learn and don't want to inadvertently misunderstand. Thanks Sid	[reply]
Re: Re: Re: Re: Re: How to do that with eval ? by perlmonkey (Hermit) on Apr 10, 2004 at 19:58 UTC
By 'above' I was refering to my previous post. If you run an eval on user input, the user input could be anything. In this case if the user instead of entering '>=' like we expect, enters ';`sudo rm -rf /`;' this will make the eval execute this extremely damaging command. For more reasons of how to make sure you are not allowing users to do bad things, please read the perlsec manpage	[reply]

In Section Seekers of Perl Wisdom