PerlMonks
I thought using eval in that way, on a scalar to execute a command is a NO-NO for security and not best practice! Can't you just use the qx or system call?
You must think about where the scalar came from, and how much you trust that source (taint checking can help you keep track of that, but you still have to think about it), but if you do trust it, it is fine. You similarly have to think about it if you interpolate it (uselessly) into a string. Even more so for qx or system.

In reply to Re^5: Executing a string as a Perl command
by ctilmes
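
The taint-tracking point above, as an added example that is not part of the original post: under `-T`, `eval` refuses a string that came from outside the program until it has passed an allowlist match. The script name, `run_expr`, `untaint_arith` and the sample expressions are hypothetical, constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example, constructed for illustration. Run as: perl -T taint_eval.pl '6 * 7'
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length string that carries taint because it is derived from %ENV.
my $taint = substr(join('', values %ENV), 0, 0);

my $trusted   = '2 + 3';                                  # literal in our own source
my $untrusted = (@ARGV ? $ARGV[0] : '6 * 7') . $taint;    # arrives from outside

# eval STRING with error capture. The taint check fires before the string is
# compiled, so the outer eval BLOCK is what turns the refusal into a value.
sub run_expr {
    my ($code) = @_;
    my $value;
    my $ok = eval {
        $value = eval $code;
        die $@ if $@;
        1;
    };
    return 'result: ' . (defined $value ? $value : 'undef') if $ok;
    chomp(my $err = $@);
    return "refused: $err";
}

# The "you still have to think about it" step: a capture from a match against
# an allowlist is untainted, so the pattern is the whole trust decision.
# Here only integer arithmetic is accepted.
sub untaint_arith {
    my ($code) = @_;
    return $code =~ /\A([0-9+\-* ()]+)\z/ ? $1 : undef;
}

for my $case ([trusted => $trusted], [untrusted => $untrusted]) {
    my ($label, $code) = @$case;
    printf "%-10s tainted=%d  %s\n", $label, (tainted($code) ? 1 : 0), run_expr($code);
}

my $checked = untaint_arith($untrusted);
print defined $checked
    ? 'checked    tainted=' . (tainted($checked) ? 1 : 0) . '  ' . run_expr($checked) . "\n"
    : "checked    rejected by allowlist\n";
```

Taint mode applies the same refusal to tainted data passed to `system` and `qx`, so the allowlist step is needed there as well.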