[Israel.pm] how to read a file to a Hash?

Gaal Yahas gaal at forum2.org
Thu Jul 8 11:09:29 PDT 2004


On Thu, Jul 08, 2004 at 08:59:56PM +0300, Gabor Szabo wrote:
> what if someone altered the content of the file to be something like
> system "rm -rf /";
> using Storable for the same purpose is more secure I think.

That's obviously correct in the simple case, but how secure
serialization is ultimately depends on what the remote (or other,
or same-at-a-later-point-in-time, etc.) deserializing process *does*
with the data.

Ran said "read up on serialization", and I completely want to stengthen
his recommendation, but since Storable came up I want to add: please,
please, please use "nstore", and not "store". This should really have
been the default.

-- 
Gaal Yahas <gaal at forum2.org>
http://gaal.livejournal.com/



More information about the Perl mailing list