Rich, I'm with Yehuda on this one: you really shouldn't let users run arbitrary code. I'd suggest you use one of the available tools such as Liquid or Kwartz; otherwise, it's a recipe for disaster.

Also, the run_later solution might be tricky, since the thread might start before the request is done + run_later doesn't work on Passenger... anyways, as I said, you should use a safe template language.

- Matt

On Wed, Jan 28, 2009 at 9:39 AM, Ezra Zygmuntowicz <[email protected]> wrote:

> Hey Rich-
>
> On Jan 28, 2009, at 9:29 AM, Rich Morin wrote:
>
> > As I understand it, Merb has a master process which spawns off
> > some number of worker processes, respawning whenever a worker
> > dies. I'm assuming that the master loads in (or at least could
> > load in :-) all of the code that a worker will need, then does
> > a fork. So, this should be a fast operation. (Please let me
> > know if I'm mistaken on this!)
> >
> > I'd like to use this respawning behavior to ensure that no
> > request can affect the behavior of a following request (eg, by
> > defining a method).
> >
> > Specifically, I'd like to have the worker process exit as soon
> > as the response has been sent to the client. This should cause
> > the master process to spawn a (fresh) replacement worker. Is
> > there an API-friendly way to make this happen? If not, could I
> > have a pointer to the relevant code?
> >
> > -r
> >
> > P.S. This is an odd request, so I'll explain a little. In my
> > app, untrusted code is being evaluated via Erubis. I've been
> > able to confirm that code running in one request can define a
> > method that a following request can use. I want to prevent
> > this behavior; making the worker exit seems like a plausible
> > way to do so...
>
> Yes you can easily do this. What happens is that the master loads up
> all the framework and gem dependency code and then forks and the
> children load your application code which is a relatively cheap
> operation.
>
> So to get what you want to happen all you need to do is call
> exit(128) from your app after the request is served. You could do
> this from a run_later block
>
> Cheers-
>
> Ezra Zygmuntowicz
> [email protected]
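
The cross-request leak described in this thread and the fresh-process-per-request isolation proposed for it, as an added Ruby example that is not code from any of the posters or from Merb. It assumes ERB from the standard library as a stand-in for Erubis; `RenderContext`, `render_in_worker`, `render_in_child` and both templates are hypothetical, constructed for the illustration.

```ruby
require "erb"

# Constructed templates: the first defines a method, as untrusted template
# code could; the second reports whether that method is visible.
DEFINING_TEMPLATE = "<% def leaked_helper; 'from an earlier request'; end %>ok"
PROBING_TEMPLATE  =
  "<%= respond_to?(:leaked_helper, true) ? leaked_helper : 'clean' %>"

# Hypothetical stand-in for the object whose binding templates run against.
class RenderContext
  def template_binding
    binding
  end
end

# Long-lived worker: a `def` in the template lands on RenderContext and
# stays there for every later request served by this process.
def render_in_worker(template)
  ERB.new(template).result(RenderContext.new.template_binding)
end

# Throwaway child: fork, render, hand the output back over a pipe, exit.
# The parent never evaluates the template, so its classes stay untouched.
def render_in_child(template)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    writer.write(render_in_worker(template))
    writer.close
    exit!(0) # leave without running at_exit handlers copied from the parent
  end
  writer.close
  output = reader.read
  reader.close
  Process.wait(pid)
  output
end

# Isolated renders go first: a child forked from an already polluted
# parent inherits the pollution.
def demo
  isolated = [DEFINING_TEMPLATE, PROBING_TEMPLATE].map { |t| render_in_child(t) }
  shared   = [DEFINING_TEMPLATE, PROBING_TEMPLATE].map { |t| render_in_worker(t) }
  { isolated: isolated, shared: shared }
end

RESULTS = demo
p RESULTS
```

A fresh process only keeps one request from changing what the next one sees; the template still runs arbitrary Ruby inside its own child, which is what the safe-template-language advice above addresses.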
