in reply to storing perl code in database

Perhaps I'm paranoid, but I'd worry about evaling stuff straight out of a database... do you have sufficient controls to ensure that someone cannot put Bad Stuff (tm) in the database ?

Unless there's a need for rapid and frequent extensions, where you really have to build this out... I'd favour storing some sort of name in the database, and mapping that at run time to the relevant routine -- with careful validation of any arguments (of course).

Replies are listed 'Best First'.
Re^2: storing perl code in database
by sflitman (Hermit) on Nov 18, 2008 at 03:31 UTC
    At present I have absolute security, in the sense that only someone with root access to the server could modify the _perlsub data inappropriately.

    At the same time, I know how lame that sounds!

    I kind of like the idea of the database holding stubs, with the code in an external file...but then that comes down to just using .pm files again.

    SSF

[reply]

In Section Seekers of Perl Wisdom