On Tue, Jan 11, 2011 at 10:44, Ohad Levy <[email protected]> wrote:
> Why not simple render templates with puppet with safemode templating [1]?
Last time I looked I didn't find this, if it was available. That was
several major versions back though.
> this will avoid things like <%= File.read "/etc/shadow" %> and such,
> additionally, it can whitelist which params are allowed to
> be accessed within the template.
Hrm. One of the ... useful by coincidence features of templates is
that they can do a lot more than native code, for better or worse. I
don't object, but I suspect there is a design decision in there.
It would be nice if you could add that suggestion to the ticket,
though; if you don't I will get to it some time.... :)
Regards,
Daniel
--
✉ Daniel Pittman <[email protected]>
⌨ [email protected] (XMPP)
☎ +1 503 893 2285
♻ made with 100 percent post-consumer electrons
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
