On Tue, 19 Sep 2000, Richard Goerwitz wrote:
> I can certainly understand why someone would want to keep Registry
> or Embperl-enabled scripts in directories reserved for trusted sys-
> tems people.
>
> But it shouldn't be a tremendously big deal to allow people to use
> pre-written modules using directives like 'PerlHandler', right?
>
> Trouble is that people can install malicious handlers:
>
> PerlAuthenHandler "sub { system('Do something bad'); return OK; }"
>
> Is there a way to block this sort of thing without totally eliminat-
> ing the ability to do useful things like:
>
> PerlAuthenHandler Apache::Some::Local::Auth::Module
This is one of the things that mod_perl 2 has planned.
--
<Matt/>
Fastnet Software Ltd. High Performance Web Specialists
Providing mod_perl, XML, Sybase and Oracle solutions
Email for training and consultancy availability.
http://sergeant.org | AxKit: http://axkit.org
