> -----Original Message-----
> From: Matt Sergeant [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 05, 2000 12:25 PM
> To: Stas Bekman
> Cc: Geoffrey Young; '[EMAIL PROTECTED]'; 'Vivek Khera'
> Subject: Re: [new module] Apache::Dispatch
> 
> 
> On Mon, 5 Jun 2000, Stas Bekman wrote:
> 
> > On Mon, 5 Jun 2000, Geoffrey Young wrote:
> > 
> > > hi all...
> > > 
> > > I'm not sure if some of you remember the idea Vivek and Matt had about creating
> > > a handler that mapped, say, http://localhost/Foo/doit to Foo->doit()
> > > 
> > > anyway, the relevant part of the thread, including some code, can be seen
> > > here:
> > > 
> > > http://marc.theaimsgroup.com/?l=apache-modperl&m=95598609306936&w=2
> > > 
> > > I was thinking of officially implementing the idea and wanted to get some
> > > design feedback first...
> > > 
> > > My thoughts so far:
> > > 
> > >   * limit the response to content handling phase only (I'm not really
> > > sure of what utility other phases would be anyway)
> > > 
> > >   * limit the top-level qualifier for the module that can be executed,
> > > but give this control to the user.
> > >     perhaps using PerlAddVar to allow only Apache::, Foo::, etc
> > > modules only is safe enough?
> > 
> > Geoff,
> > I think you will open a Pandora box by releasing this module.  I don't see
> > it'd give some real savings, but users will get hurt, badly.  You
> > shouldn't let the control into user hands! (I mean the clients!) There
> > will be always a module that you will not know about, or a function/method
> > inside it you won't think about. 
> 
> It shouldn't be dangerous at all if you specify:
> 
> PerlSetVar DispatchPrefix MyModule
> 
> Then http://localhost/Foo/bar
> 
> calls MyModule::Foo->bar()

oh, I hadn't thought of using that combination.  I guess that would also
hide the full package names from the outside and would add an extra level of
security...

> 
> -- 
> <Matt/>
> 
> Fastnet Software Ltd. High Performance Web Specialists
> Providing mod_perl, XML, Sybase and Oracle solutions
> Email for training and consultancy availability.
> http://sergeant.org http://xml.sergeant.org
> 
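
The prefix-constrained mapping discussed in this thread, as an added example that is not code from Apache::Dispatch or from any of the participants. The `resolve` function and the `MyModule::Foo` sample class are hypothetical; the checks show how a dispatcher can keep client-supplied path segments inside the configured namespace and away from methods nobody meant to expose.

```perl
#!/usr/bin/perl
# Added example: prefix-constrained URL-to-method resolution.
use strict;
use warnings;

# Constructed sample class standing in for an application module.
package MyModule::Foo;
sub bar      { return "MyModule::Foo->bar called" }
sub _private { return "internal helper" }

package main;

my $PREFIX = 'MyModule';   # the DispatchPrefix value used in the thread

# Map a URI path such as /Foo/bar to (class, method) under $PREFIX.
# Returns an empty list when the request must be declined.
sub resolve {
    my ($path) = @_;
    my @parts = grep { length } split m{/}, $path;
    return if @parts < 2;

    # Each segment must be a plain identifier starting with a letter:
    # no '::', quotes or dots that could step outside the prefix, and
    # no leading underscore, so private helpers stay unreachable.
    for my $p (@parts) {
        return unless $p =~ /\A[A-Za-z][A-Za-z0-9_]*\z/;
    }

    my $method = pop @parts;
    my $class  = join '::', $PREFIX, @parts;

    # Only dispatch to packages that are already loaded; never require()
    # a module because a client named it.
    { no strict 'refs'; return unless %{"${class}::"}; }

    # The method must be defined in the class itself, so inherited
    # methods (for example UNIVERSAL::can) are not reachable by URL.
    { no strict 'refs'; return unless defined &{"${class}::${method}"}; }

    return ($class, $method);
}

# Constructed request paths: one valid, four that must be declined.
for my $uri ('/Foo/bar', '/Foo/_private', '/Foo::Evil/bar', '/Foo/can', '/Bar/baz') {
    my ($class, $method) = resolve($uri);
    printf "%-16s => %s\n", $uri,
        defined $class ? $class->$method() : 'DECLINED';
}
```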
