Gunther Birznieks wrote:

> It seems to me that mod_perl wasn't really designed for safety against your
> own developers....

I accept this point.  But it's really beside _my_ point, which was that
mod_perl modules can offer critical added functionality to run-of-the-mill
web publishers (whether it be a counter, a new authentication method, a
special content handler, or just some thingie I wrote for them).  I think
it would be great to be able to offer web publishers the ability to _use_
those modules without giving them direct access to Perl.

Not all shops consist of a small group of twenty-something developers who
all eat pizza and beer together on Fridays.  Many of us operate in
heterogeneous environments with hundreds, if not thousands, of web
"developers" who are part of our community, and who may really need some
custom modules written for them, but who I can't be bothered monitoring on
a day-to-day basis - and who I don't want to grant blanket access to my
server internals to.

Let me return to my C module analogy.  When I compile in mod_auth_dbi, I
am giving users added functionality.  But I'm not giving them the ability
to execute arbitrary C code.  I think everyone would agree that this is a
useful (no, critical) feature of Apache.

I simply want to be able to do the same thing in Perl with mod_perl.  I
want to be able to give developers ("users" - whatever you want to call
them) added functionality, without giving them the ability to execute
arbitrary Perl code.

I'd have no problem if mod_perl was set up to turn off PerlSetEnv,
literal 'sub { ... }' handlers, Perl sections, and the use of Perl modules
in non-system paths (except where ExecCGI is turned on).  I don't know
what else would need to be done, but it all strikes me as critical to
the use of mod_perl in shops that don't fit the "pizza and beer" model
that something along these lines be done.

-- 
Richard Goerwitz                                [EMAIL PROTECTED]
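
Added example, not part of the original message and not mod_perl code: a small auditor that flags, in a per-user Apache config fragment, the constructs the message lists as handing arbitrary Perl to the file's author. The system path prefixes, the `Site::Counter` module name and the sample config are constructed assumptions.

```python
import posixpath
import re

# Assumption: stand-ins for the "system paths" the message refers to.
SYSTEM_PREFIXES = ("/usr/lib/perl5/", "/usr/local/lib/perl5/")
HANDLER = re.compile(r"Perl\w*Handler$", re.I)  # PerlHandler, PerlAuthenHandler, ...

def audit(config_text, system_prefixes=SYSTEM_PREFIXES):
    """Return (line_no, directive, reason) for lines that hand Perl to the file's author."""
    findings = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<\s*Perl\s*>", line, re.I):
            findings.append((no, "<Perl>", "Perl section embeds code in the config"))
            continue
        parts = line.split(None, 1)
        name = parts[0]
        arg = parts[1].strip("\"' \t") if len(parts) > 1 else ""
        low = name.lower()  # Apache directive names are case-insensitive
        if low == "perlsetenv":
            findings.append((no, name, "sets environment variables seen by Perl code"))
        elif HANDLER.match(name) and re.match(r"sub\s*\{", arg):
            findings.append((no, name, "literal anonymous sub used as handler"))
        elif low == "perlrequire":
            # Normalise first so "../" cannot fake a system prefix.
            path = posixpath.normpath(arg)
            if not path.startswith(tuple(system_prefixes)):
                findings.append((no, name, "loads Perl code from a non-system path"))
    return findings

# Constructed sample: a user-supplied .htaccess mixing allowed and flagged lines.
SAMPLE = """\
# constructed sample .htaccess
AuthType Basic
PerlAuthenHandler Site::Counter
PerlSetEnv PERL5LIB /home/alice/lib
PerlHandler "sub { print qq(hi) }"
PerlRequire /home/alice/startup.pl
PerlRequire /usr/lib/perl5/site_perl/startup.pl
<Perl>
  $x = 1;
</Perl>
"""

if __name__ == "__main__":
    for no, directive, reason in audit(SAMPLE):
        print(f"line {no}: {directive}: {reason}")
```

A handler that names an installed module (line 3 of the sample) passes, which is the "use the module without direct access to Perl" case the message argues for.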
