>>>>> "R" == Rick DeNatale <rick.denatale@gmail.com> writes:
R> This is dangerous if the path argument is coming from a user, say in a
R> web application, because it opens a security exposure. There have
Well, not really if ruby is run with $SAFE > 0, because in this case it will
give an error
moulon% ruby -e '$SAFE = 1; a = "aa".taint; open(a)'
-e:1:in `initialize': Insecure operation - initialize (SecurityError)
from -e:1
moulon%
R> been several exploits of web applications written in perl which take
R> advantage of perl's open function.
Perhaps there is an incompatibility between "web applications" and
"security" ...
Guy Decoux
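
Added example, not part of the original thread: current Ruby releases no longer have the $SAFE/taint mechanism shown above, so a user-supplied path has to be checked explicitly before it is opened. The helper names, directory layout and sample inputs are assumptions constructed for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Hypothetical helper (an assumption of this example, not from the thread):
# read a user-named file only if it resolves to a regular file under base_dir.
def read_user_file(base_dir, user_path)
  if user_path.empty? || user_path.include?("\0")
    raise ArgumentError, "empty or NUL-containing path"
  end
  base = File.realpath(base_dir)
  # expand_path resolves ".." lexically; realpath then follows symlinks and
  # raises Errno::ENOENT when the target does not exist.
  target = File.realpath(File.expand_path(user_path, base))
  unless target.start_with?(base + File::SEPARATOR)
    raise SecurityError, "path escapes #{base}"
  end
  raise SecurityError, "not a regular file" unless File.file?(target)
  # File.open only ever treats its argument as a file name. Kernel#open has
  # historically also accepted strings starting with "|" as commands.
  File.open(target, "r", &:read)
end

# Map the outcome to a symbol so callers can check it.
def classify(base_dir, user_path)
  read_user_file(base_dir, user_path)
  :ok
rescue SecurityError, ArgumentError
  :rejected
rescue Errno::ENOENT
  :missing
end

# Constructed sample tree and inputs; returns { input => outcome }.
def demo
  Dir.mktmpdir do |root|
    base = File.join(root, "uploads")
    FileUtils.mkdir_p(File.join(base, "sub"))
    File.write(File.join(base, "report.txt"), "hello")
    File.write(File.join(root, "secret.txt"), "constructed")
    File.symlink(File.join(root, "secret.txt"), File.join(base, "link.txt"))
    inputs = ["report.txt", "sub/../report.txt", "../secret.txt",
              File.join(root, "secret.txt"), "link.txt", "sub", "nope.txt"]
    inputs.to_h { |p| [p.start_with?("/") ? "<absolute>" : p, classify(base, p)] }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

The symlink case is the reason for comparing the realpath rather than the lexically expanded path.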