[REBOL] Re: [load vs load/all] [how to//handle untrusted data] load v load/all - CGI security & word consumption
From: gabriele::colellachiara::com at: 17-Nov-2004 11:59
Hi Peter,
On Wednesday, November 17, 2004, 7:12:42 AM, you wrote:
PWW> The basic premises are that it's more secure to use load/all when
PWW> reading "untrusted" data and that using load/all eats up available
PWW> words.
The first assumption is only true in older versions of REBOL; the
second is false, not in the sense that new words do not use space,
but in the sense that this happens with a normal LOAD too. Also,
in newer versions of REBOL the word limit has been increased, so
unless you are doing something like the example you provided and
intentionally creating a lot of different words, this is not a
problem.
Note that using TO BLOCK! instead of LOAD you do not use space in
the global context because it does not bind the words. This is
probably safer than LOAD for untrusted data because since the
words are not bound, you don't risk anything even if you
accidentally evaluate them.
    >> to block! "quit"
    == [quit]
    >> do to block! "quit"
    ** Script Error: quit word has no context
    ** Near: quit
Regards,
Gabriele.
--
Gabriele Santilli <[g--santilli--tiscalinet--it]> -- REBOL Programmer
Amiga Group Italia sez. L'Aquila --- SOON: http://www.rebol.it/
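
Added example, not part of the original message: one way to use the TO BLOCK! approach described above on untrusted input, converting the text without binding its words and then accepting it only if PARSE matches an expected layout of words and datatypes. The helper read-fields, the field names and both sample strings are constructed for illustration.

```rebol
REBOL [Title: "Added example: validating untrusted input without evaluating it"]

; Constructed sample inputs, standing in for text received by a CGI script.
untrusted: {name "Peter" age 42}
hostile:   {name "Peter" age 42 quit}

; Hypothetical helper: returns a block of validated values, or none.
read-fields: func [text [string!] /local data name age] [
    ; TO BLOCK! only converts the text to values; the words stay unbound.
    ; Malformed text raises a syntax error, which is treated as a rejection.
    if error? try [data: to block! text] [return none]
    ; PARSE compares words by spelling and values by datatype.
    ; Nothing in DATA is evaluated, and any leftover value fails the match.
    either parse data [
        'name set name string!
        'age  set age integer!
    ] [
        reduce [name age]
    ] [
        none
    ]
]

probe read-fields untrusted
probe read-fields hostile
```

The second call is rejected because the trailing word is not part of the expected layout; the data is never passed to DO.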