Sebastian Hungerecker
12/16/2007 9:22:00 AM
Tim Hunter wrote:
> Well, you can certainly use the eval method, which just executes a
> string as Ruby code, but there is some risk involved. You probably
> wouldn't want to allow somebody to type
>
> system('del *.*')
>
> for example.
Why not? I mean the user wouldn't type something like this without knowing
what it means/does. So if he wants to delete all his files why not let him?
Of course it's different when the script runs on another system than the user
is on, but since the op mentioned getting input from the user via gets, I
assume this is not the case here.
--
Jabber: sepp2k@jabber.org
ICQ: 205544826