Miscellaneous Insecurities and Prevention in Perl

Perl Insecurities and Prevention – Part 7

Perl Course

Foreword: In this part of the series, I talk about Miscellaneous Insecurities and Prevention.

By: Chrysanthus Date Published: 23 Nov 2015

Introduction

This is part 7 of my series, Perl Insecurities and Prevention. The word, miscellaneous, means features that do not really fit in a particular category. In this part of the series, I talk about Miscellaneous Insecurities and Prevention. You should have read the previous parts of the series before coming here, as this is a continuation.

Regular Expression
Perl’s regular expression can rather easily consume large amounts of both time and memory if the regular expression may match in several ways. Careful crafting of the regular expressions can help but quite often there really is not much you can do.

The eval Function
The two main syntaxes for the eval() function are:

eval EXPR
eval BLOCK;

The first syntax is evaluated at run time. The second syntax is compiled. The first syntax is more dangerous than the second syntax, because it allows the user to run code at run time, which cannot be checked by the author of the program. The problem with the second syntax is that it can receive inputs that are dangerous at run time.

I do not use the first syntax. I use the second syntax only to check errors; and I do not use it in a module.

First Preventive Measure
The first preventive measure to take for any program is not to give any user or group that you do not trust, write permission. If you do that, they can rewrite your program for you to their advantage.

That is it for this part of the series.

Chrys

Broad Network

Related Articles

Miscellaneous Insecurities and Prevention in Perl

Perl Insecurities and Prevention – Part 7

Perl Course

Introduction

Related Links

Comments