2009/1/23 ben perl <ben.pe...@gmail.com>:
> Hi Chas,
>
> Can you give me an example when one would be used over the other? So, is
> require used more for efficiency, so we load the module only if we need it?
> Thanks,
> -Ben
>

Many times we need 'require', not 'use'.

For example, given this .pm:

package mylib;

require Exporter;
our @ISA = qw/Exporter/;

our @info;
our @EXPORT = qw/@info/;

@info = `a_system_command`;

1;


and this cgi script:

use CGI;
use CGI::Session;
use mylib;

our @info;  # should be imported from mylib

my $q = CGI->new;
my $session = get_session();

print $session->header();

if (my $user = $session->param('user') ) {  # user has logged in
    print_the_info(\@info);

} else {  # user has not logged in
    print("not logined");
}


What will happen in this case? It's a huge security problem,
because even when a user is not logged in, when he executes that cgi script,
the script will run mylib.pm and import the symbols at compile time.
If "a_system_command" is a CPU-sensitive command, that will make a DoS
attack on the webserver.

OK, let's modify the cgi script to:

use CGI;
use CGI::Session;
# use mylib;  # don't use it here

our @info;  # should be imported from mylib

my $q = CGI->new;
my $session = get_session();

print $session->header();

if (my $user = $session->param('user') ) {  # user has logged in
    require mylib;
    mylib->import;  # require and import it after user has logged in
    print_the_info(\@info);

} else {  # user has not logged in
    print("not logined");
}


In this version of the cgi, the security problem is fixed.
Only when the user has logged in is mylib.pm executed and the symbols imported.
This is because 'require' is executed at run time, but 'use' is
executed at compile time.


I hope this helps you.

Ralf.
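
The following is an added example, not part of the message above. It shows that a 'use' placed inside a branch that is never taken still runs the module body at compile time, while 'require' in the same position does not. The modules EagerLib and LazyLib and the $logged_in flag are constructed stand-ins for mylib.pm and the session check.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

BEGIN {
    # Constructed stand-in modules: each records its name when its body runs,
    # the way mylib.pm runs its backtick command as soon as it is loaded.
    my $dir = tempdir(CLEANUP => 1);
    for my $name (qw(EagerLib LazyLib)) {
        open my $fh, '>', "$dir/$name.pm" or die "cannot write $name.pm: $!";
        print {$fh} "package $name;\npush \@main::loaded, '$name';\n1;\n";
        close $fh;
    }
    unshift @INC, $dir;
}

our @loaded;          # filled in by the module bodies above
my $logged_in = 0;    # simulate a request without a valid session

if ($logged_in) {
    use EagerLib;     # compile time: loaded although this branch never runs
}
if ($logged_in) {
    require LazyLib;  # run time: skipped because the branch is not taken
}
print "loaded for unauthenticated request: @loaded\n";

$logged_in = 1;       # simulate a request with a valid session
if ($logged_in) {
    require LazyLib;  # the module body runs only now
}
print "loaded for authenticated request: @loaded\n";
```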
