SPUG: Perl FUD
ced at carios2.ca.boeing.com
ced at carios2.ca.boeing.com
Tue Jul 25 14:04:27 CDT 2000
BOSS: "Given security issues, is it a good idea to be using PERL for our
tools?"
> Does anyone have any good advice on how to respond to this? Keep in
> mind that this guy is my boss :-).
I'm not sure what security concerns he's been misinformed
about but Perl has an enviable reputation for its security
mechanisms. If you need a published cite:
"Practical Unix Security" by S.Garfinkel & Gene Spafford
That's a bit dated I suppose but Perl's taint checking is
still a safeguard unmatched elsewhere. Forked processes via
magical opens provide a device to isolate dangerous operations.
The latest perl offers a strategy to foil possible security
flaws that can occur due to temporary files.
If that's not enough there's the under utilized Safe module
which allows you to compile and execute code in restricted
compartments. Carefully reading the perlsec docs will
reveal more.
Rgds,
--
Charles DeRykus
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
POST TO: spug-list at pm.org PROBLEMS: owner-spug-list at pm.org
Subscriptions; Email to majordomo at pm.org: ACTION LIST EMAIL
Replace ACTION by subscribe or unsubscribe, EMAIL by your Email-address
For full traffic, use spug-list for LIST ; otherwise use spug-list-digest
Seattle Perl Users Group (SPUG) Home Page: http://www.halcyon.com/spug/
More information about the spug-list
mailing list