Regarding codepad.org being down, I google searched for some alternatives and found http://ideone.com/, among others.

I haven't seen others but the one you posted I just checked out. That is loaded packed full of ads. My sys admin/sec team would not appreciate loading a page that has that much activity on it.

They might all be that way, I haven't used any of these before but it is a neat idea. I know I probably couldn't be loading a page like this one in my environment without some flags being raised. Especially if it takes numerous pastes or reloads to get a script to work properly.

"My sys admin/sec team would not appreciate loading a page that has that much activity on it."

If you mean browsing install adblock (or similar). I wasn't suggesting you use this sites design as a basis for your own. You could setup whatever UI you're comfortable with.

If your hoster doesn't provide SSH access it may be worth getting one that does. HTH.

update: What tospo said. You have to be quick off the mark round here. :-)

file.pl > file.out 2> file.err
[download]

I can't say it's not possible it'd be public once I worked out all the bugs and got the OK from the good people at HostGator but essentially I don't want to do any SSH or logins of any time. I could simply log into my cpanel and upload Perl files that way but I don't want to have to authenticate in order to test out code. Having my browser tab open to the interpeter form would work in the environment in now and ANY job I have in the future without Perl available.


"Age is nothing more than an inaccurate number bestowed upon us at birth as just another means for others to judge and classify us"

sulfericacid

but if you don't want to do any SSH into the remote machine, how would you do your "admin stuff" like installing new modules? I can imagine that debugging will also not be much fun with this webapp. And then of course there are all those security concerns. Maybe you would be better off just bringing your laptop to work... :)

Have you considered the issues regarding security? Security through obscurity (not publishing the URL) is not security. URL's can be discovered eventually. You could require a login, but you mentioned you're opposed to that approach.

If you disable the use of all modules via disabling 'use', 'require', and 'do', the use of all system commands (including open), the backtick and qx// operators, the s///e construct, eval, you have suddenly created a huge project, and one that doesn't even touch the tip of the iceberg with respect to preventing malicious attacks.

I know that most of the simple attacks can be prevented, but when you expose the interpreter to the world, you have to be sure you thought of every possible attack.

How about running the untrusted code on a virtual machine that lacks a network connection, and can be restored to a good snapshot between sessions or after a timeout?

That's not true. Not publishing a URL can be quite secure.

If the OP doesn't ever publish it somewhere and nests the directory tree 3 or more directories deep with charactor-random directory names no one and no bot will ever find it.

Ie:
somesite.com/234sfsd/zzasdf21/ooiissa221/22234AZa/pwa2r.pl

That obscurity it absolutely security. The OP could go one or two steps further by not having the script run unless a certain param is passed to ie, ie: pwa2r.pl?mode=a23da.

Now there is a level of authentication with an obscure URL. The other step is doing an IP-based security if they have a static IP address. Any one of those tiers of security is not completely secure by itself but if two or more of them are used you have yourself a very secure script without the need of authentication.

Unless any part of the served pages ever, at any time, calls an external URL or visits one from it. Plus IP filtering is a form of authentication and, without reverse look-ups, not a "very secure" one.

That's not true. Not publishing a URL can be quite secure....

If you're using a web server, people will be knocking on your server port within hours. In the 90s you could put a server up and no one tried for weeks, after 2001 it was less then 8 hours and now about 2-4 hours. If you use https with your own certificates, you may have a chance. But, that's a lot of work!

Further, on the "...script run unless a certain param is passed...", that param had better change every few minutes, or you'll find someone harvesting your information. A recent study of victims of on-line theft stated that 95% of them thought they didn't have anything to steal on their PC.

Now add a web server!

Go with security first!

"Well done is better than well said." - Benjamin Franklin

Does your traffic pass through something I have control over? Think network, cache, diverted network route, wireless leak, ...

--MidLifeXis

I did forget the add the OP would have to have an index file in the above mentioned directories so the tree isn't visible.

What davido++ said. Of interest: Safe.

"I switched jobs to a company that doesn't have/allow Perl to be installed. I still want to be able to do this ...."

But from your new company (office, cube, whatever)? When the employer expects you to be working... according to its standards?

/Methinks you'd be wiser to write prototypes or whatever either

1. with their specific blessing (does the "have/allow" construct mean you don't know if the issue is merely "doesn't have" as opposed to "forbids" or that the company's posture makes both verboten?)
   or ...
2. on your own time in your own place/

Very good points. It's a bad idea, period. Either he will be doing personal stuff, or he will be doing company related work over the Internet to his PC. Pasting in company data to process over the Internet? Could be a firing offense. Just like SSHing could be as well. More likely he will just get in trouble for it, but getting in trouble after just starting a new job doesn't sound very smart and could increase the odds of getting fired.

Elda Taluta; Sarks Sark; Ark Arks

eval will help on the "crashing", and < pre >...< /pre> will help you get the results. But you may have to search on special characters. ( Note: big one is '&'. )

Perl can do it! But you may want to educate your new bosses about the value of perl as a prototype tool.

Good Luck!