On 6/23/07, Stefan Rusterholz <apeiros / gmx.net> wrote:
> Giles Bowkett wrote:
> > On 6/23/07, Stefan Rusterholz <apeiros / gmx.net> wrote:
> >> Giles Bowkett wrote:
> >> >> Don't use eval. There is no need in this example.
> >> >
> >> > Why's everyone so scared of eval? Yes it can destroy your system
> >> > completely and forever, but life's short. Might as well enjoy it.
> >> > Drive without your seat belt. Go to wild parties. Use eval().
> >>
> >> Do you tell your customers that too?
> >
> > Of course not. That's a rude, ridiculous question.
>
> I don't think it was rude. Assuming your application is in some way
> responsible for sensitive data then creating a security hole with eval
> is incompetence at best and willful endangerment at worst. Explaining
> the reason for the loss of sensitive data to an affected customer without
> lying could be a bit difficult.

I thought Giles was joking...