On Mon, Dec 5, 2011 at 1:06 PM, Desilets, Alain <alain.desil...@nrc-cnrc.gc.ca> wrote:
> I’m a complete newbie to mod_perl, and after reading the following
> documentation:
>
> http://perl.apache.org/docs/1.0/guide/porting.html
>
> I am scared witless by the fact that many variables don’t get reinitialized
> between calls to the CGI scripts.
>
> Particularly scary is the example provided on that page, where the
> authentication status is stored in a global variable that doesn’t get
> reinitialized. In that example, if Joe logs into the system, and Jane then
> runs the script, she can get access to the system also without ever logging
> in, because Joe’s authentication status is still there. YIKES!

If you read through the entire example, you will see the point of the example is to show what can happen from bad programming.

"Because of sloppy programming, a global variable was not reset at the beginning of the program and voila, you can easily peek into someone else's email! Here is an example of sloppy code"

> But I’m not convinced, because package variables are not reinitialized
> either!

"The solution is trivial--reset $authenticated to 0 at the beginning of the program."

> But… we don’t have control over how third party modules were implemented,
> and we use A LOT OF THEM. So I am still very concerned about that, because
> we could end up using a third party module that makes use of package
> variables in a way that is not mod_perl friendly.

You're always free to write your own modules which you have complete control over. Most developers find it useful to use CPAN modules which are generally high quality.

> Am I being too conservative here, or am I right to be that nervous?

I do not think you are justified in stating that mod_perl is 'extremely dangerous'.

> What precautions can we take to prevent this sort of thing from happening?

If you are just starting out with mod_perl, I would skip over the porting documentation and go straight to the mod_perl2 specific documentation. I would also suggest reviewing the following links for mod_perl development best practices:

http://perl.apache.org
http://www.modperlcookbook.org/
http://modperlbook.org/
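
The behaviour discussed in this thread, as an added example that is not part of either message or of the mod_perl guide: one process calls the same compiled handler for two requests in a row, which is how a persistent interpreter reuses code, and the handler that keeps `$authenticated` in a package global carries the first request's state into the second, while the one that resets it per request does not. The package names `Sloppy` and `Fixed`, the helper `password_ok`, and the credentials and requests are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data (assumption, not from the thread).
my %PASSWORD = (joe => 'joe-secret');
my @REQUESTS = (
    { user => 'joe',  password => 'joe-secret' },   # valid login
    { user => 'jane', password => '' },             # no credentials at all
);

# True only when the user exists and the password matches.
sub password_ok {
    my ($req) = @_;
    return exists $PASSWORD{ $req->{user} }
        && $PASSWORD{ $req->{user} } eq $req->{password};
}

{
    package Sloppy;               # hypothetical name: the pattern the guide warns about
    our $authenticated;           # package global, keeps its value between calls

    sub handle {
        my ($req) = @_;
        $authenticated = 1 if main::password_ok($req);
        return $authenticated ? 'GRANTED' : 'DENIED';
    }
}

{
    package Fixed;                # hypothetical name: state reset per request
    sub handle {
        my ($req) = @_;
        my $authenticated = 0;    # lexical, starts at 0 on every request
        $authenticated = 1 if main::password_ok($req);
        return $authenticated ? 'GRANTED' : 'DENIED';
    }
}

# One process serving both requests in order, as a persistent interpreter would.
for my $impl (qw(Sloppy Fixed)) {
    for my $req (@REQUESTS) {
        printf "%-6s %-4s => %s\n", $impl, $req->{user}, $impl->can('handle')->($req);
    }
}
```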