It is only a security hole if you eval user input.
-- Clive Eisen GPG: 75056DD0 > On 30 May 2017, at 17:00, Hiram Gibbard <hgibb...@gmail.com> wrote: > > I might be hijacking this... Sorry, but...I recently used the Perl eval > function to determine if a ldap search returned a error or not. Basically, a > user's record has a attribute that points to a assistant, and If that > assistant no longer exists the app was throwing a error since it executed a > ldap call to that assistant's record. So I used eval to check if the error > was returned, and if so, skipped the function where it tied searched the > assistant record in ldap. Is this the same eval scenario you described which > has a security whole? > > > I was just reading everyone's reply and now I am worried I created a security > hole. > > Thanks > > On Tue, May 30, 2017 at 10:04 AM, Dirk-Willem van Gulik <di...@webweaving.org > <mailto:di...@webweaving.org>> wrote: > > > On 30 May 2017, at 16:58, p...@cpan.org <mailto:p...@cpan.org> wrote: > > > > On Tuesday 30 May 2017 15:53:13 James Smith wrote: > >> String eval should be avoided at all costs [especially if you parse user > >> input] - functional eval is different - and is a good model for catching > >> errors etc > > > > Yes, string eval should be avoided in all usage. But this discussion was > > about that functional eval. > > Aye - right you are - apologies for causing confusing and missing the (/{. > > Dw. > > > > -- > Hiram Gibbard > hgibb...@gmail.com <mailto:hgibb...@gmail.com> > http://hiramgibbard.com <http://hiramgibbard.com/> >
