Safe Languages :-)

Paul Fenwick pjf at
Sat Apr 3 00:42:32 CST 2004

G'day Alfie,

Alfie John wrote:

> How about using split() to parse each statement and then use eval()
> if the statement falls within an allowable list? This way, perl is being
> used, but only an allowable subset.

Parsing Perl is an extremely difficult task.  Only allowing a limited 
subset of operations is a Good Idea, but not using the method you've 

Perl has the Safe module, which allows you to create a compartment with 
limited capabilities, and I believe Scotty mentioned this in his 
original post.  Using Safe is arguably a much better way to do things -- 
it means you can use Perl to parse Perl, and the ability to block 
operations is done within Perl itself.

I personally favour the 'no ops' pragma, to irrevocably relinquish 
rights immediately.  This is much more straightforward than using Safe, 
although it applies to everything, rather than just compartments as does 

Yes, I'll be doing a talk about this all at Melb.PM/SAGE-AU.  ;)



Paul Fenwick <pjf at> |
Director of Training                   | Ph:  +61 3 9354 6001
Perl Training Australia                | Fax: +61 3 9354 2681
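
The two approaches discussed in this message, side by side, as an added example that is not part of the original post or the poster's own code. The sample statements are constructed; the compartment uses Safe's default opcode mask, and the opcodes named in the `no ops` line are an assumed choice for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Constructed sample statements standing in for untrusted input.
my @statements = (
    '2 + 3 * 4',
    'join "-", "a", "b", "c"',
    'system("true")',
    'open(my $fh, "<", "/etc/hostname")',
    '`true`',
);

# A new compartment permits only the :default opset, which leaves out
# the subprocess and file-open opcodes. Perl's own compiler does the
# parsing; a masked opcode is rejected before any of the code runs.
my $cpt = Safe->new;

for my $stmt (@statements) {
    my $value = $cpt->reval($stmt);
    if ($@) {
        (my $why = $@) =~ s/\s+\z//;
        print "DENIED  $stmt\n        $why\n";
    }
    else {
        print "ALLOWED $stmt => $value\n";
    }
}

# The ops pragma masks opcodes for the whole interpreter rather than
# for one compartment. It acts at compile time, so everything compiled
# after this line is affected, and the mask can only grow: there is no
# call that gives an opcode back.
no ops qw(system exec backtick fork);

my $ok = eval q{ system("true"); 1 };
print "outside any compartment: ", ($ok ? "ran\n" : "blocked: $@");
```

The first two statements evaluate normally; the other three, and the final `eval`, fail at compile time with a "trapped by operation mask" error.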
