We’ve developed an open web API using Apache and mod_perl, where you can pass

Question

Asked: May 23, 20262026-05-23T22:28:46+00:00 2026-05-23T22:28:46+00:00

We’ve developed an open web API using Apache and mod_perl, where you can pass text created by Data::Dumper to make requests.

Our data generally looks like this:

$VAR1 = {
    'OurField' => 'OurValue'
};

Currently, I noticed we’re using an eval to get the data back into a Perl hash server side:

my $VAR1;
eval $our_dumper_string;
#$VAR1 is now filled with hash value

The problem with this, is it is a major security issue. You can pass malicious perl code in there and it will run server side…

It there a better way to safely take a Data::Dumper string and turn it into a hash?

You must login to add an answer.

Need An Account,

Editorial Team · Answer 1 · 2026-05-23T22:28:47+00:00

Editorial Team

Yes. Use JSON::XS and use JSON rather than Data::Dumper format. That is much more compatible with other web APIs

The Archive Base Latest Questions