open my $fh, MODE, FILE vs. open my $fh, "MODE FILE"

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I'm writing a program that will be opening a couple of files (something that I hope that other people may actually use one day -- a big step for me :) ), and I'm a bit curious about the security implications of the following two alternatives:

open my $fh, MODE, FILE or die "blah blah $!";
open my $fh, "MODE FILE" or die "yadda yadda $!";

I'm definitely going to specify the mode with which to open the file (the file name is configurable via a command-line switch, so I want to do my best to prevent anything nasty from happening), but I'm wondering about whether the former or the latter is considered to be more secure. Yes, I know that to achieve ultimate security I shouldn't open any files. perlsec and perlopentut didn't mention anything about either method. And yes, I will be providing more descriptive die messages. :) Thanks in advance for any guidance.

Comment on open my $fh, MODE, FILE vs. open my $fh, "MODE FILE"

Replies are listed 'Best First'.
Re: open my $fh, MODE, FILE vs. open my $fh, "MODE FILE" by hardburn (Abbot) on Feb 02, 2004 at 21:48 UTC
`open FH, MODE, FILE` form is prefered, as long as you can guarentee the use of perl 5.6 or higher. That mode will make it a lot harder to accidentally open up a file the wrong mode (either due to a mis-typed filename or bad user input). ---- I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident. -- Schemer `: () { :\|:& };:` Note: All code is untested, unless otherwise stated	[reply] [d/l] [select]
Re: Re: open my $fh, MODE, FILE vs. open my $fh, "MODE FILE" by jweed (Chaplain) on Feb 03, 2004 at 00:53 UTC
To clarify, modules and scripts for which backwards compatablilty with previous perls is required shoud refrain from using the three arg form. Just FYI. Code is (almost) always untested. http://www.justicepoetic.net/	[reply]
Re: open my $fh, MODE, FILE vs. open my $fh, "MODE FILE" by ysth (Canon) on Feb 02, 2004 at 22:06 UTC
As far as I know, the main problem with 2-arg open is if the beginning of the file could be misunderstood as the mode. That shouldn't happen if you explicitly specify the mode and have a space before the filename. But I prefer the 3-arg form anyway.	[reply]
Re: Re: open my $fh, MODE, FILE vs. open my $fh, "MODE FILE" by bart (Canon) on Feb 03, 2004 at 01:31 UTC
There's more to it. Whitespace on both sides of the filename gets stripped. Tough luck if your filename actually has whitespace on either end of its name... From `perldoc -f open`: The filename passed to open will have leading and trailing whitespace deleted, and the normal redirection characters honored.	[reply]
Re: open my $fh, MODE, FILE vs. open my $fh, "MODE FILE" by jonadab (Parson) on Feb 03, 2004 at 14:38 UTC
Tough luck if your filename actually has whitespace on either end of its name If you have filenames like that, you'll have trouble with more than just Perl. Even whitespace in the middle of filenames has a tendency to break things. I would personally be more concerned about the backward compatibility. There are a lot of people out there still using 5.003 for one reason or another. Of course, if you're using newer Perl features anyway, like unicode or threads, then that consideration becomes moot and you may as well use the three-arg form. `$;=sub{$/};@;=map{my($a,$b)=($_,$;);$;=sub{$a.$b->()}} split//,".rekcah lreP rehtona tsuJ";$\=$ ;->();print$/` [download]	[reply] [d/l]
Re: open my $fh, MODE, FILE vs. open my $fh, "MODE FILE" by Anonymous Monk on Feb 02, 2004 at 22:23 UTC
/me sighs and blushes a bit. Remind me next time to make sure that I post things like this on a tab where I'm logged in -- this was my post, I somehow posted it under a tab where I hadn't logged in. Thanks for the information, everyone.	[reply]
Re: Re: open my $fh, MODE, FILE vs. open my $fh, "MODE FILE" by BigLug (Chaplain) on Feb 02, 2004 at 23:34 UTC
Dear AnonyMonk, This is just a friendly reminder, as per your request, to log in. First you need to log in before you post and then again you need to log in before you post a message to let us know that it was your post in the first place :P On a serious note, I find it easier to tell what I'm doing if I have my own style sheet activated in my User Settings. Then I can tell my 'logged in' tab from my annonytab. If you don't want a full blown style sheet, consider just applying a background color. Then you can quickly see which is which. Cheers! BigLug	[reply]