Dave Storrs said:
> On 3 May 2001, Ilya Martynov wrote:
> > >> You can serialize/deserilize object with Storable
> > >>
> > >> $foo = new Bar
> > >> store_fd $foo, \*SOCKET;
> > >>
> > >> and on the other end
> > >>
> > >> $foo = retrieve_fd \*SOCKET;
> > >> $foo->bar;
> > >>
> > >> It will work if you have Bar module on both ends.
> >
> > DS> Right, but I want it to work if you don't...
> >
> > Then maybe SOAP::Lite? SOAP allows to serialize/deserialize objects
> > and make remote call. SOAP::Lite makes it quite transparent.
>
>
> Errm...wasn't (something like) this discussed just recently and
> deemed a massive security hole? If I download a program, I don't want to
> have to inspect every line of source to make that it won't download some
> bizarre Trojaned module (or even an object instantiated from that module,
> which is worse because it leaves fewer traces by not writing to disk) from
> some far corner of Script Kiddie Land.
Java's Classloaders and SecurityManagers illustrate one solution to this
problem. Being able to set a security policy for various sources of code
solves much of this problem.
~ j. // The Almighty in His infinite wisdom did not see fit to
// create Frenchmen in the image of Englishmen.
// -- Winston Churchill, 1942
