On Mon, Apr 14, 2008 at 12:32 PM, Robert Dober <robert.dober / gmail.com> wrote:
> On Mon, Apr 14, 2008 at 4:42 PM, Marc Heiler <shevegen / linuxmail.org> wrote:
>  > > I however wonder if the need of doing metaprogramming to
>  >  > find your classes is really a good sign for your design.
>  >
>  >  I am not to judge about his design, but I believe using .send and
>  >  Object.const_get is not really "metaprogramming". They seem
>  >  to be perfectly valid Ruby idioms.
>
>  Oh I did not want to judge, I am always having strong opinions loosely
>  hold (C) Rick de Natale ;).
>  I am also open to discussion where metaprogramming begins.

Whether or not send and const_get are metaprogramming aside, I think
the real issue here is security.

Using strings which come from a user and arbitrarily getting a class
or sending a message can open Pandora's box.

Not that it's to be avoided completely, just that it raises a flag to
think about the security aspects.

-- 
Rick DeNatale

My blog on Ruby
http://talklikeaduck.denhaven2.com/