Robin Houston wrote:
> On Mon, Jan 15, 2001 at 12:31:17PM +0000, Simon Wistow wrote:
> > basically it automagically intercepts subroutine calls and checks to see
> > if the current user has permissions for the subroutine and returns undef
> > if you don't have access to it.  You could also extend it to variables.
> There are loads of ways that a user could get round this though.
> It's not secure at all, but maybe it's not meant to be (?)

How would the user get round this? I mean sure they could if they had
access to the source code but ...

I'm writing something at the moment that's got lots of 

sub do_summat
        my ($self, $userid, $arg1, $arg2) = @_;
        return access_denied('do_summat') unless (grep {/^$userid$/}

so this was just a way of automating that. Can't think how Symbol::ACL
would be less secure than the example above.

But then I'm unbelievably hungover at the moment.

Puzzled of Battersea

Reply via email to