in reply to Re^2: What restrictions are there on code execution when running perl in syntax check mode?
in thread What restrictions are there on code execution when running perl in syntax check mode?

Actually, I think it comes down to what is safe or not. To me, what is safe is code I have read through and understand; the typos are, I think, outside of what the safe issue is about. Either you have code checks and you read through and follow the flow and understand what it is doing, and have a typo somewhere that can cause unintended behavior.

Or you end up with code that you have no idea what it is doing and it is generating behavior you do not want, and may be entirely insecure in many respects.

Don't confuse security and proper coding, which I think is what is happening here.

Re^4: What restrictions are there on code execution when running perl in syntax check mode?
by ELISHEVA (Prior) on Feb 04, 2009 at 16:54 UTC
    Security and proper coding are different issues but they are closely related. Improper coding is a significant source of security vulnerabilities. Remember all of those memory overrun attacks that were so popular a few years back?

    There are many ways to detect improper coding - reading the code, team code reviews, lint checkers, and ... checks for undefined/mis-spelt variables, mismatches of parameter types. Computers are generally better than the human eye at catching those sorts of things, which is why we write syntax checkers and compilers with rich diagnostics. That feedback isn't just for newbies learning to code.

    In Perl some of these can only be done at run-time because Perl is a loosely typed language and defines itself as it goes, but even with that limitation Perl does a fairly good job at the task if you use the warnings and strict pragmas.

    Even very, very good coders can make dangerous typos.

    Best, beth.