Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re^4: how to read conf file in perl script

by afoken (Chancellor)
on Oct 21, 2009 at 16:28 UTC ( #802494=note: print w/replies, xml ) Need Help??


in reply to Re^3: how to read conf file in perl script
in thread how to read conf file in perl script

Do you follow millions of lemmings jumping of the cliff just because "everyone's doin' it"?

I do not think that using an unlimited Perl parser as a configuration file parser is a good idea. On properly administrated Unix systems, the critical configuration files of CPAN and CPANPLUS should be writeable only for root. So if one can manipulate those files, perl and CPAN/CPANPLUS are your least problem.

On a typical Windows system with, for example, Strawberry Perl, EVERY user including the guest account can change the configuration files.

JSON, classic INI files, YAML, and even XML do not have this security problem. A malicious user can modify those files, make the application break, but he will not be able to run arbitary code (unless there's another bug in the application or one of the libraries used).

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
  • Comment on Re^4: how to read conf file in perl script

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://802494]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others romping around the Monastery: (4)
As of 2023-12-10 10:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    What's your preferred 'use VERSION' for new CPAN modules in 2023?











    Results (39 votes). Check out past polls.
    Notices?