The problem with code in the database is ... the database. If there is a vulnerability in the way you store things in the database, a malicious user could execute arbitrary code on your server through the pipe you open.

  a.instance_eval "`uname -a`"   ---> print system name
  a.instance_eval "`whoami`"     ---> print user name

... explore, find a security weakness, create an account, go in and steal the house!

It is good practice to keep some doors closed, just in case.

Gaspard

2008/4/4, Peter Marks <petertmarks / gmail.com>:
> ara.t.howard wrote:
> > there are many easy ways to handle this
> >
> > i don't know what you mean by 'string function' but:
> >
>
> Thanks for your response. All I mean by 'string function' is a bit of
> code that produces a string. Using my example, 'person.name' and
> 'person.name.upcase' are different string functions. I don't know if I'm
> using the right terminology, but that's what I mean. If I was to define
> all of these 'string functions' as individual methods, it would be a lot
> of additional hard code and I would still have these method names locked
> into the db.
>
> --
> Posted via http://www.ruby-forum.com/.
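
One way to keep stored "string functions" such as 'person.name.upcase' without passing database content to instance_eval is to treat the stored value as data and dispatch only to allowlisted method names. This is an added example, not code from the thread; the Person struct, the two allowlists and the render_field helper are assumptions made for illustration.

```ruby
# Added example: evaluate stored expressions against an allowlist
# instead of instance_eval. All names here are hypothetical.
Person = Struct.new(:name, :email)

# Assumed allowlists: attributes that may be read from the record, and
# argument-free String methods with no side effects.
ATTRIBUTES = %w[name email].freeze
TRANSFORMS = %w[upcase downcase capitalize strip reverse].freeze

class UnsafeExpression < StandardError; end

# Evaluates a stored expression such as "name.upcase" against a record.
# The string is never parsed as Ruby: it is split on "." and every step
# must match an allowlist entry exactly, otherwise it is rejected.
def render_field(record, expr)
  # limit -1 keeps trailing empty steps, so "name." is rejected too
  attr, *transforms = expr.to_s.split(".", -1)
  unless ATTRIBUTES.include?(attr) &&
         transforms.all? { |t| TRANSFORMS.include?(t) }
    raise UnsafeExpression, "rejected stored expression: #{expr.inspect}"
  end
  value = record.public_send(attr).to_s
  transforms.reduce(value) { |acc, t| acc.public_send(t) }
end

if __FILE__ == $0
  person = Person.new("Peter Marks", "peter@example.com") # constructed sample
  # Constructed sample of values as they might come back from the db column.
  ["name", "name.upcase", "`uname -a`", "name.instance_eval"].each do |stored|
    begin
      puts "#{stored.inspect} => #{render_field(person, stored).inspect}"
    rescue UnsafeExpression => e
      puts e.message
    end
  end
end
```

Adding a new string function then means adding one name to an allowlist in code, while a tampered database row can at worst select another allowlisted method.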