On Fri, 28 Jul 2000, Geoffrey Young wrote:

> The URL
> 
>   http://morpheus.laserlink.net/~gyoung/modules/Apache-Dispatch-0.01.tar.gz
> 
> has entered CPAN as
> 
>   file: $CPAN/authors/id/G/GE/GEOFF/Apache-Dispatch-0.01.tar.gz
>   size: 5170 bytes
>    md5: acee515fc8d19223f017c8380cae5b26
> 
> well, after the conference, I felt motivated to do some stuff.  Then I got
> on the red-eye and spent the early part of this week recovering :)
> 
> anyway, Apache::Dispatch is a module we've talked about before and that I've
> been meaning to get to for a while, but just found the tuits this week.
> 
> Hopefully, it addresses some of the safety concerns expressed a few months
> ago about such a concept.  consider it REAL alphaware for the moment - it
> works (at least for me), but until everyone pokes around it some and looks
> for holes it may not be entirely safe.
> 
> that said, if people are listening beyond the template traffic, here is the
> README...

Hmm... I'm not convinced of the security yet, although I'm tired so bear
with me if I missed something in my reading of this. I thought we'd agreed
that you needed at least two things: Namespace prefixes and method
prefixes. If you don't require namespace prefixes you're going to get
someone finding horrible exploits like using File/Find/find or something
horrid, and if you don't require function prefixes someone is likely to
find an exploit another way, and it doesn't allow you to have private
functions...

Let me know if I'm way off, or missed something in the docs.

-- 
<Matt/>

Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org | AxKit: http://axkit.org
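
The two checks the reply above asks for, sketched as an added example; it is not part of the thread and not Apache::Dispatch's own code. `$NS_PREFIX`, `$METHOD_PREFIX`, `resolve()` and the `MyApp::Web::Account` class are hypothetical names constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: URI-to-method resolution with both prefixes enforced.
# All names here are hypothetical; this is not Apache::Dispatch's API.
use strict;
use warnings;

my $NS_PREFIX     = 'MyApp::Web';   # only classes under this namespace are reachable
my $METHOD_PREFIX = 'dispatch_';    # only subs carrying this prefix are public

# Constructed sample class: one public handler, one private helper.
package MyApp::Web::Account;
sub dispatch_show { return "account page" }
sub load_secret   { return "private" }

package main;

# Map "/Account/show" to ("MyApp::Web::Account", "dispatch_show"), or return
# an empty list when the request does not name a public handler.
sub resolve {
    my ($uri) = @_;
    my @parts = grep { length } split m{/}, $uri;
    return unless @parts >= 2;

    # Every segment must be a plain identifier, so "::", "'" and "." cannot
    # be used to step outside the prefix.
    return if grep { !/\A[A-Za-z][A-Za-z0-9_]*\z/ } @parts;

    my $method = $METHOD_PREFIX . pop @parts;
    my $class  = join '::', $NS_PREFIX, @parts;

    # The class must already be loaded and define the prefixed method;
    # nothing is require()d on behalf of the request.
    return unless UNIVERSAL::can($class, $method);
    return ($class, $method);
}

# Constructed requests: a public handler, a private sub, a path that would
# name File::Find::find without the namespace prefix, and a malformed segment.
for my $uri ('/Account/show', '/Account/load_secret',
             '/File/Find/find', '/Account::x/show') {
    my ($class, $method) = resolve($uri);
    printf "%-22s => %s\n", $uri,
        defined $class ? $class . '->' . $method : 'declined';
}
```

Only `/Account/show` resolves. `/File/Find/find` becomes `MyApp::Web::File::Find`, which is not loaded, and `/Account/load_secret` looks for `dispatch_load_secret`, which does not exist, so the unprefixed sub stays private.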
