#!/usr/bin/ruby , #!/usr/bin/ruby -w , #!/usr/bin/ruby -T?, #!/usr/bin/ruby -T1...

[anne001]

""All external data is dangerous. Don't let it close to interfaces that
can modify your system."
http://www.rubycentral.com/book/taint.html

what does #!/usr/bin/ruby -w do?

is #!/usr/bin/ruby -T1 the same as -T with $SAFE=1?

Why not always use -T with a safety level of at least 1?

"Walter should have run his CGI script at a safe level of 1,This would
have raised an exception when the program tried to pass form data to
eval"
In what log file do exceptions show up?

"He could have chosen to implement a proper expression parser,
bypassing the risks inherent in using eval."
Does that mean defining in advance the expressions the use can enter?
like phone systems, do you want agent, billing, etc?

 

[ts]

a> what does #!/usr/bin/ruby -w do?

it make ruby more verbose

moulon% ruby -e 'p (1)'
1
moulon%

moulon% ruby -we 'p (1)'
-e:1: warning: (...) interpreted as grouped expression
1
moulon%

a> is #!/usr/bin/ruby -T1 the same as -T with $SAFE=1?

'#!/usr/bin/ruby -T' is the same than '#!/usr/bin/ruby -T1'

#!/usr/bin/ruby -T1

set $SAFE = 1 when ruby process the argument

a> Why not always use -T with a safety level of at least 1?

Except with -T0, if you use -T you have fatally a safety level of at
least 1