Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I am testing a simple database script. Each time a new record is added, a HTML file will be created. open(Newfile, ">$base_dir/$number\.htm" || die "can't open file\n"; print newfile "....."; close(newfile); $number is a variable and is incremented each time a new record is added. I got error message "Insecure Dependency" and the new file is not created. Does anyone know why this happens and what can I do to solve it? Thanks! Molly
  • Comment on Insecure Dependency: open file with variable name

Replies are listed 'Best First'.
(Ovid) Re: Insecure Dependency: open file with variable name
by Ovid (Cardinal) on Aug 21, 2000 at 23:02 UTC
    Either you are using the -T switch, or you're running setuid or setgid (these turn on the tainting mechanism). You'll need to untaint your data (see perlsec for details). Perl has assumed that either $base_dir or $number has unsafe data and is killing the script rather than allow a security hole (and this is a Good Thing).

    I am assuming that either $base_dir or $number is being acquired from outside the script you are currently running, otherwise I can't see why you'd get this error.

    Another problem I see is that your filehandle has an initial cap when you open it (Newfile) but is all lower case (newfile) when you try to write to it or close it. Perl is CasE sEnsiTIVe. Your script is not going to recognize those file handles as being the same thing. Suggestion: put all filehandles in all caps (NEWFILE). This is pretty much the standard in Perl and will serve you well in the future.

    Cheers,
    Ovid

[reply]

Back to Seekers of Perl Wisdom