Giles Bowkett wrote:
> On 6/23/07, Stefan Rusterholz <apeiros / gmx.net> wrote:
>> Giles Bowkett wrote:
>> >> Don't use eval. There is no need in this example.
>> >
>> > Why's everyone so scared of eval? Yes it can destroy your system
>> > completely and forever, but life's short. Might as well enjoy it.
>> > Drive without your seat belt. Go to wild parties. Use eval().
>>
>> Do you tell that your customers too?
> 
> Of course not. That's a rude, ridiculous question.

I don't think it was rude. Assuming your application is in some way 
responsible for sensitive data then creating a security hole with eval 
is incompetence at best and willful endangerment at worst. Explaining 
the reason of the loss of sensitive data to an affected customer without 
lying could be a bit difficult.
Also, IANAL, but I think in my country you could (theoretically - 
practically it's probably a bit too difficult to prove) even be held 
responsible for sensitive data lost, compromised or stolen through such 
a security hole. So I'm quite serious about that.
But my apologies if it offended you.

> I wouldn't recommend eval() in production code, without bulletproof
> ways of keeping it clear of user input, but I find it a lot *more*
> concise and a lot *easier* to debug. Certainly the code examples in
> this thread which use eval are slimmer than the non-eval versions. (To
> my eyes, they're also clearer.) To each his own, I guess.

Ok. Different opinions obviously, no issue with that :)

Regards
Stefan

-- 
Posted via http://www.ruby-forum.com/.