in reply to Re: variable subroutine call
in thread variable subroutine call

HOWEVER, it's exceedingly dangerous to take arguments from STDIN to run a routine unless ya know where they're coming from. Potential security hazard.

Care to elaborate a bit? I am running it, and it is my input, so I know where it is coming from: from me. And if I am not trustworthy for myself, who is?

What you say only applies (sometimes) when the program is running on behalf of somebody else (e.g. setuid).

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Re^3: variable subroutine call
by meraxes (Friar) on Dec 12, 2007 at 01:33 UTC

    Sorry. I guess I should have said it can be dangerous if others have access to it. Perhaps my own prejudices. I tend to be wary of things that execute code (or in this case, arbitrary subroutines) without any checking of the input other than "does the function exist". That's all.

    --
    meraxes
      The security issue is "not validating user input" (under certain circumstances) and not "making a string into a subroutine call". If the subroutine cannot be resolved, perl will complain (i.e. die), and done. So "validating user input" doesn't apply in the OP's context.

      It is just what your shell is doing, day in, day out.

      --shmem

      _($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                                    /\_¯/(q    /
      ----------------------------  \__(m.====·.(_("always off the crowd"))."·
      ");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

        Once again, just my paranoia. I dig what you're saying. Perhaps "authorization" is a better representation of what I was thinking. A wee bit beyond the scope of this, yes. Didn't mean to muddy the waters.

        My first job was writing Perl that many other people ran to do their work and I was always conscious of the "damage" they could do with my scripts... so I find myself functioning on paranoia level 42 at all times. ;)

        Obviously this isn't the issue here.

        --
        meraxes
Re^3: variable subroutine call
by wfsp (Abbot) on Dec 12, 2007 at 08:46 UTC
    I am running it, and it is my input, so I know where it is coming from: from me. And if I am not trustworthy for myself, who is?
    That sums up the situation nicely. Often times it is precisely because I am running it and it is my input that problems occur. I'm the last person I would trust.

    I'm with meraxes on this one but of course ymmv. :-)
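
The distinction the thread draws, between checking only that the named function exists and checking that the caller is meant to reach it, can be shown side by side. This is an added example, not code from any poster in the thread; the subroutine names (`status`, `list`, `_purge_all`, `call_if_exists`, `call_if_allowed`) and the sample input are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Subroutines meant to be callable by name from input (hypothetical).
sub status { return "status: ok" }
sub list   { return "list: a b c" }

# Internal helper that was never meant to be a command (hypothetical).
sub _purge_all { return "purge: everything removed" }

# Variant 1: symbolic call whose only check is "does the function exist".
# Every sub defined in package main is reachable, helpers included.
sub call_if_exists {
    my ($name) = @_;
    no strict 'refs';
    return "no such sub" unless defined &{"main::$name"};
    return &{"main::$name"}();
}

# Variant 2: dispatch table. Only the names listed here are reachable,
# whatever else happens to be defined in the program.
my %COMMANDS = (
    status => \&status,
    list   => \&list,
);

sub call_if_allowed {
    my ($name) = @_;
    my $code = $COMMANDS{$name}
        or return "rejected";
    return $code->();
}

# Constructed sample input, standing in for lines read from STDIN.
for my $input (qw(status list _purge_all nosuch)) {
    printf "%-12s exists-check: %-28s allowlist: %s\n",
        $input, call_if_exists($input), call_if_allowed($input);
}
```

For `_purge_all` the exists-check variant runs the helper, while the dispatch table rejects it; for `nosuch` both variants refuse.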