in reply to Safe Code?

Hi,

I kind of agree with BUU here. From a security perspective there is a constant outpouring of exploits and potential hacks, but the reality is that a lot of them are effectively useless unless you are sitting down at the box, i.e. instead of running the exploit you could easily go "format c: /q". Don't get me wrong, I'm constantly looking at the exploits and the security workarounds & patches as we look after some financials, but I still think there is a lot of FUD out there (Fear, Uncertainty, Doubt).

I would think that while the author of Safe considers it unsafe (sounds weird really :-) it may be better than not using it at all.

Saying that, I've never used it in production code, but then again I have never needed to with the programs I write.

Just my 2 cents.

Displeaser

Re^2: Safe Code?
by adrianh (Chancellor) on May 24, 2005 at 15:42 UTC
    I would think that while the author of Safe considers it unsafe (sounds weird really :-) it may be better than not using it at all.

    I'm not so sure. The promise of Safe.pm was that it would provide safe compartments for code to be evaluated in. The history of Safe.pm means that I'm very skeptical that this is true.

    So if somebody uses Safe.pm and thinks "fantastic - all my security problems with remote code are solved" then I think they're probably going to be surprised at some point. A better solution would be a design that avoids running potentially insecure code at all.