in reply to RE: Request for Comments - CGI Course
in thread Request for Comments - CGI Course

Good comments. On the sysopen() issue, I'd like to note that you can also just use something like:

open( FILE, "< $filename\0" )

The leading mode ("<" in this case but can be many other modes like ">>" or "+<"), the separating space (between the mode and the file name), and the trailing null ("\0"), when all present together, prevent interpretation of the file name. So pipes ("|") or greater thans (">") in the $filename string won't cause Perl to spawn a subprocess or write to a file that you wanted to read from. This works even in Perl4.

Checking the documentation for this I find that modern versions of Perl also support:

open( FILE, "<", $filename )

I find no reference to the old method that I described above. I suspect that this is because it has been removed from the documentation, not because it has been removed from Perl (because the latter would be sad, replacing a solution that ports to old versions of Perl with one that doesn't). I'll have to do some checking and report back.

Using these can be more convenient than using sysopen() while still closing the same security holes.

        - tye (but my friends call me "Tye")
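
An added example, not part of the post above: a small audit helper that reports why a two-argument open() would not treat a name as a plain file to read, next to a three-argument read of the same name. The helper names (magic_in_name, slurp_literal) and the sample file names are constructed for illustration, and a Unix-like filesystem is assumed.

```perl
use strict;
use warnings;
use Cwd qw(getcwd);
use File::Temp qw(tempdir);

# Hypothetical audit helper: reasons a two-argument open(FILE, $name)
# would NOT simply read the file called $name. Not exhaustive.
sub magic_in_name {
    my ($name) = @_;
    my @why;
    push @why, 'leading/trailing whitespace is stripped' if $name =~ /^\s|\s\z/;
    push @why, 'leading mode characters'                 if $name =~ /^\s*\+?[<>]/;
    push @why, 'pipe, so a command would be run'         if $name =~ /^\s*\||\|\s*\z/;
    push @why, 'bare "-" means STDIN'                    if $name =~ /^\s*-\s*\z/;
    return @why;
}

# Three-argument form: the mode is its own argument, the name is literal.
sub slurp_literal {
    my ($name) = @_;
    open(my $fh, '<', $name) or die "cannot read '$name': $!";
    local $/;                      # read the whole file at once
    my $data = <$fh>;
    close($fh);
    return $data;
}

my $start = getcwd();
my $dir   = tempdir(CLEANUP => 1);  # scratch directory, removed at exit
chdir($dir) or die "chdir: $!";

# Constructed sample names, as they might arrive in a CGI parameter.
for my $name ('notes.txt', 'report |', '>out.txt', ' padded ') {
    # Create a file with exactly this name, again via the three-argument form.
    open(my $out, '>', $name) or die "cannot create '$name': $!";
    print {$out} "contents of [$name]\n";
    close($out) or die "close: $!";

    my @why = magic_in_name($name);
    printf "%-12s two-arg open: %s\n", "'$name'",
        @why ? join('; ', @why) : 'plain file name';
    print  "             three-arg read: ", slurp_literal($name);
}
chdir($start) or die "chdir: $!";
```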