In short: Maybe just adding options to "dancer2 gen" is the way. When creating an app, then have the possibility to define these types of parameters.
Peco

2015-03-18 15:55 GMT+01:00 Warren Young <[email protected]>:

> On Mar 16, 2015, at 11:58 PM, Gabor Szabo <[email protected]> wrote:
> >
> > 1) A long time ago when I was teaching at a company and told people to install some CPAN module, during installation it wanted to open a port on their computer to run the test. Some of the students were surprised / shocked on the security implications.
>
> Network I/O in a CPAN test is indeed a bit questionable.
>
> I don’t really see how that has anything to do with Dancer, though. If you go and install a web app server framework, generate a web app with the dancer/dancer2 tool, and then *run it by hand*, you are somehow surprised to find that it is serving a web app?! It’s called the “Web” because it connects all computers running web servers; you can’t do that by listening for connections only on localhost.
>
> I suspect if you did a survey of all the vast number of web app frameworks, that most of them listen on 0.0.0.0. All of those that run under Apache and IIS do, for a start.
>
> What threat model are you actually working with here? Is it something deeper than just a knee-jerk reaction to an open TCP listener? I mean, what can a default dancer app actually *do* that worries you? Even if you go and run it at the root of your filesystem *as root*, it can’t do anything dangerous like serve up etc/shadow, because it only serves files from its views and public subdirs.
>
> > Actually I think I know what I'd like, regardless the defaults: I'd like the default configuration files to contain commented out entries for every (or every important) parameter with short explanation and/or with link to the longer explanation.
>
> So you want roadblocks. You want the dancer helper app to generate an app that won’t run at all until you go in and hack on some configuration files. Do I have that right?
> _______________________________________________
> dancer-users mailing list
> [email protected]
> http://lists.preshweb.co.uk/mailman/listinfo/dancer-users
