And, instead of Data-Dumper format, you should strongly consider YAML,
Depends on the nature of the data being dumped. If its complex YAML doesnt have a prayer. If its simple config type stuff with minimal self references, and no aliasing then YAML is a suitable choice. And if the intention is for user readability then YAML is not a bad route to go, but then again nor is Config::IniFile
which not only dumps and restores faster
Where does this meme come from? All the benchmarks ive seen show YAML gets killed by Data:Dumper. If you stand by this assertion please back it up. I will however grant that YAML is more secure in terms of undumping however.
For pure Perl dumping, use the now-core Storable module for maximum speed and greatest economy of space.
And to boot it is the most accurate dumper currently out there (although it makes no claim to dump globs,) and is completely secure (from eval style attacks anyway, I havent reviewed it for other attacks).
Update: Oh, I should mention that providing an undumper based on the ideas in your column (which you kindly pointed out to me a year ago due to a P::RD node I wrote,) for my new Dumper code (which shall go unnamed for the moment) is on my TODO list. Parsing arbitrary perl may be a near impossible task, but validating that a piece of text was consistant with a Dumper grammar (ie could have been emitted by Dumper) shouldn't be, which then allows Perl to actually handle the conversion without introducing safety problems or requiring things like a Safe container.
First they ignore you, then they laugh at you, then they fight you, then you win.
-- Gandhi
In reply to Re: •Re: use Safe ; Any Thwarted Attacks?
by demerphq
in thread use Safe ; Any Thwarted Attacks?
by ptkdb
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |