in reply to Re^2: how to read data from a URL
in thread how to read data from a URL

Using IO::All reopens all the security holes that the three argument form of open fixes. Of course, in the sense of universality, IO::All is just like PHP, which also has these problems of being able to launch a process or access a foreign website via an open with an unguarded filename, so there is no loss by using IO::All, but especially when writing applications that are publicly accessible, it's better to have less magic.

Replies are listed 'Best First'.
Re^4: how to read data from a URL
by Mutant (Priest) on May 15, 2007 at 11:04 UTC
    Interesting. It does highlight a bit of a problem with CPAN though. i.e. If the module authors decline to put such information into the docs, how does a casual Perl programmer know about the risks?
[reply]

      I guess there's little replacement for thinking for yourself.

      Also, I'm unaware that Ingy has declined to put such information into the module documentation. It's obvious that IO::All allows you to do that, and I guess most users of IO::All want this cute flexibility.

[reply]

      If the module authors decline to put such information into the docs, how does a casual Perl programmer know about the risks?

      I believe this was the reason for annocpan. Look at the upper right hand corner of IO::All. You should see a link to annocpan for IO::All. Unfortunately, no one has annotated IO::All.

      -derby
[reply]
        Yeah, annocpan is cool. But even if there was something posted there, a lot of people wouldn't bother to look at it.
[reply]
Re^4: how to read data from a URL
by clinton (Priest) on May 15, 2007 at 10:47 UTC
    Thanks Corion - skim-reading the docs was clearly insufficient.
[reply]

In Section Seekers of Perl Wisdom