Safe Languages :-)
Paul Fenwick
pjf at perltraining.com.au
Sat Apr 3 00:42:32 CST 2004
G'day Alfie,

Alfie John wrote:
> How about using split() to find parse each statement and then use eval()
> if the statement falls within an allowable list? This way, perl is being
> used, but only an allowable subset.

Parsing Perl is an extremely difficult task. Only allowing a limited
subset of operations is a Good Idea, but not using the method you've
described.

Perl has the Safe module, which allows you to create a compartment with
limited capabilities, and I believe Scotty mentioned this in his
original post. Using Safe is arguably a much better way to do things --
it means you can use Perl to parse Perl, and the ability to block
operations is done within Perl itself.

I personally favour the 'no ops' pragma, to irrevocably relinquish
rights immediately. This is much more straightforward than using Safe,
although it applies to everything, rather than just compartments as does
Safe.

Yes, I'll be doing a talk about this all at Melb.PM/SAGE-AU. ;)

Cheers,

Paul
--
Paul Fenwick <pjf at perltraining.com.au> | http://perltraining.com.au/
Director of Training | Ph: +61 3 9354 6001
Perl Training Australia | Fax: +61 3 9354 2681
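
A sketch of the Safe compartment approach discussed in the message above, added here as an illustration (it is not code from the original post or its author). The helper name run_in_compartment and the sample snippets are constructed for this example; the compartment uses Safe's default opcode mask.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Hypothetical helper: run one untrusted snippet in a fresh compartment.
# Returns (value, error); error is the empty string on success.
sub run_in_compartment {
    my ($code) = @_;
    my $cpt = Safe->new;              # new compartments start with the ':default' opcode mask
    my $value = $cpt->reval($code);   # Perl parses the code itself; masked ops are refused at compile time
    my $err = $@;
    $err =~ s/\s+\z//;                # trim the trailing newline from the error text
    return ($value, $err);
}

# Constructed sample inputs (not from the original post).
my @snippets = (
    '2 + 3 * 4',
    'my $s = "a;b"; length $s',       # ';' inside a string: split(/;/) would cut this in the wrong place
    'join ",", map { $_ * 2 } 1 .. 3',
    'system("ls")',                   # subprocess ops are outside the default mask
    'open(my $fh, "<", "data.txt")',  # so are file opens
    '`ls`',                           # and backticks / qx
);

for my $code (@snippets) {
    my ($value, $err) = run_in_compartment($code);
    if ($err ne '') {
        printf "%-32s BLOCKED  %s\n", $code, $err;
    }
    else {
        printf "%-32s ok       %s\n", $code, $value;
    }
}
```

The opcode mask limits which operations the code may compile; it does not limit CPU time or memory use inside the compartment.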