I can certainly understand why someone would want to keep Registry
or Embperl-enabled scripts in directories reserved for trusted sys-
tems people.
But it shouldn't be a tremendously big deal to allow people to use
pre-written modules using directives like 'PerlHandler', right?
Trouble is that people can install malicious handlers:
PerlAuthenHandler "sub { system('Do something bad'); return OK; }"
Is there a way to block this sort of thing without totally eliminat-
ing the ability to do useful things like:
PerlAuthenHandler Apache::Some::Local::Auth::Module
(I don't want to have to create <Directory> blocks for everyone who
wants to use a local auth module.)
Or is there at least a way to log what's going on in such a way
that if something bad does happen, it's easy enough to figure out
who the culprit was?
--
Richard Goerwitz
PGP key fingerprint: C1 3E F4 23 7C 33 51 8D 3B 88 53 57 56 0D 38 A0
For more info (mail, phone, fax no.): finger [EMAIL PROTECTED]
