web services - Perl web API using Data::Dumper -


we've developed open web api using apache , mod_perl, can pass text created data::dumper make requests.

our data looks this:

$var1 = {     'ourfield' => 'ourvalue' }; 

currently, noticed we're using eval data perl hash server side:

my $var1; eval $our_dumper_string; #$var1 filled hash value 

the problem this, is major security issue. can pass malicious perl code in there , run server side...

it there better way safely take data::dumper string , turn hash?

yes. use json::xs , use json rather data::dumper format. more compatible other web apis


Comments

Popular posts from this blog

javascript - Iterate over array and calculate average values of array-parts -

iphone - Using nested NSDictionary with Picker -

objective c - Newbie question -multiple parameters -