Robin Houston wrote:
>
> On Mon, Jan 15, 2001 at 12:31:17PM +0000, Simon Wistow wrote:
> > basically it automagically intercepts subroutine calls and checks to see
> > if the current user has permissions for the subroutine and returns undef
> > if you don't have access to it. You could also extend it to variables.
>
> There are loads of ways that a user could get round this though.
> It's not secure at all, but maybe it's not meant to be (?)

How would the user get round this? I mean sure they could if they had
access to the source code but ...

I'm writing something at the moment that's got lots of

    sub do_summat
    {
        my ($self, $userid, $arg1, $arg2) = @_;
        return access_denied('do_summat') unless (grep {/^$userid$/}
            $self->acl->{do_summat});
    }

so this was just a way of automating that. Can't think how Symbol::ACL
would be less secure than the example above.

But then I'm unbelievably hungover at the moment.

Puzzled of Battersea
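
The automation discussed in this message, as an added example that is not part of the original post and is not Symbol::ACL's code: named subs are replaced with wrappers that check a per-sub ACL before calling the original. The class Demo::Service, the protect helper and the sample ACL are hypothetical; the ACL entries are assumed to be array references, and the userid is compared with eq so it is never interpreted as a pattern.

```perl
#!/usr/bin/perl
use strict;
use warnings;

package Demo::Service;    # hypothetical class, constructed for this example

sub new {
    my ($class, %acl) = @_;
    return bless { acl => {%acl} }, $class;
}
sub acl { $_[0]{acl} }

sub access_denied { warn "access denied: $_[0]\n"; return undef }

sub do_summat { my ($self, $userid, @args) = @_; return "did summat(@args)" }
sub do_other  { my ($self, $userid, @args) = @_; return "did other(@args)" }

# Replace each named sub with a wrapper that consults the ACL first.
sub protect {
    my ($class, @names) = @_;
    for my $name (@names) {
        no strict 'refs';
        no warnings 'redefine';
        my $orig = \&{"${class}::$name"};
        *{"${class}::$name"} = sub {
            my ($self, $userid) = @_;
            my $allowed = $self->acl->{$name} || [];   # assumed: array ref of userids
            # Exact string comparison: the userid is data, not a regex.
            return access_denied($name)
                unless defined $userid && grep { $_ eq $userid } @$allowed;
            goto &$orig;    # call the original sub with the same @_
        };
    }
}
__PACKAGE__->protect(qw(do_summat do_other));

package main;

# Constructed sample ACL and calls; '.*' is a userid made of regex metacharacters.
my $svc = Demo::Service->new(do_summat => ['simon'], do_other => ['robin']);
for my $call (['do_summat', 'simon'], ['do_summat', '.*'], ['do_other', 'simon']) {
    my ($method, $user) = @$call;
    my $result = $svc->$method($user, 'x', 'y');
    printf "%-9s as %-5s => %s\n", $method, $user,
        defined $result ? $result : 'undef';
}
```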
