I want to save Ruby code inside a database, retrieve it, and execute it. Is it possible to execute a string returned by the database as Ruby code?
Answers by: Zachary Holt | awt
It is possible, but it is ill advised, especially if you don't know who has access to the database (e.g., random users).
There are 4 methods in the eval family: eval, module_eval, class_eval, and instance_eval. If you have to resort to one, I would recommend instance_eval. It operates on a given instantiation of a class.
Is there some way you could refactor your code so that you don't have to resort to evaling?
Zachary, you are correct. I didn't put enough thought into the security implications of using eval. Even though the application will be used by a few people, it's still something I'm not willing to risk, so I've implemented a different solution to my problem.
Regards,
-Miguel
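One shape the refactor suggested in the answer can take, as an added example that is not code from anyone in this thread: the database stores a JSON description of an operation instead of Ruby source, and the application dispatches it through a fixed allowlist. The operation names, the pricing scenario and the sample rows are assumptions made up for illustration.

```ruby
require "json"

# Allowlist of operations that stored rows may request. Names and
# behaviour are hypothetical; the database holds only data, never Ruby.
OPERATIONS = {
  "percent_off" => { arity: 1, call: ->(price, pct) { price * (100 - pct) / 100.0 } },
  "amount_off"  => { arity: 1, call: ->(price, amt) { [price - amt, 0].max } },
  "cap_at"      => { arity: 1, call: ->(price, cap) { [price, cap].min } }
}.freeze

class RuleError < StandardError; end

# Parse one stored row (a JSON string) and validate it against the allowlist.
def load_rule(row)
  data = JSON.parse(row)
  raise RuleError, "rule must be an object" unless data.is_a?(Hash)
  op, args = data.values_at("op", "args")
  spec = OPERATIONS[op] or raise RuleError, "unknown operation: #{op.inspect}"
  unless args.is_a?(Array) && args.size == spec[:arity] && args.all? { |a| a.is_a?(Numeric) }
    raise RuleError, "bad arguments for #{op}"
  end
  [spec[:call], args]
rescue JSON::ParserError
  raise RuleError, "row is not valid JSON"
end

# Apply stored rows in order; rejected rows are skipped and reported.
def apply_rules(price, rows)
  rejected = []
  rows.each do |row|
    begin
      fn, args = load_rule(row)
      price = fn.call(price, *args)
    rescue RuleError => e
      rejected << e.message
    end
  end
  [price, rejected]
end

# Constructed sample rows, as they might come back from a query.
SAMPLE_ROWS = [
  '{"op":"percent_off","args":[10]}',
  '{"op":"amount_off","args":[5]}',
  'price * 0.5',                        # Ruby source: not JSON, rejected
  '{"op":"instance_eval","args":[1]}'   # not on the allowlist, rejected
].freeze

p apply_rules(200, SAMPLE_ROWS) if __FILE__ == $PROGRAM_NAME
```

A row that contains Ruby source is treated as malformed data and never reaches the interpreter, so write access to the table no longer implies code execution in the application.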