I’ve been having quite a bit of fun with Redis, a lightweight and simple data structure server. It’s easy to install locally, but you can also get a free server from redislabs. Services such as Heroku can spin up Redis instances and use them with your Heroku-deployed Mojo applications. Continue reading “Redis provides lightweight, scalable persistent data structures”
Category: Persistence
The Data::Dumper stack smash (fixed)
Problems with data serializers was a major change to Mastering Perl. The Storable issue with malformed inputs was known for a long time but nobody much cared about it. Now it’s Data::Dumper‘s turn. Continue reading “The Data::Dumper stack smash (fixed)”
New to “Lightweight Persistence”
“Lightweight Persistence” has many changes. I covered Storable in the first edition, but since then it’s security problem has become more widely know. It’s easy to create a Storable file that can run unexpected code, for a couple of reasons.
Since I first wrote this book, YAML and JSON have become much more important, so I cover those. Continue reading “New to “Lightweight Persistence””
The Storable security problem
Recently, people have moved to close, or at least document, a security issue with Storable. This core module serializes and deserializes Perl data structures, and, as in many places in Perl, tries to be more helpful than we really want. In Mastering Perl, I talk about lightweight persistence in Chapter 14; Storable is a big part of that chapter.
There are two major problems. Someone can force Storable to load arbitrary modules, and someone can possibly run unexpected code. Continue reading “The Storable security problem”