This is more along the lines of a cautionary note than anything else,
but mod_perl isn't exactly a secure system, so I'd be very carefull with this
setup: if you're doing what I think you're doing. Do you trust your users? Are
the allowed to execute perl-code? If so, they could gain access to other
people's files in their www directory.
Are there any modules that are similar to user_dir that are more
configurable? --SC
On Fri, 28 Jan 2000, Jonathan Swartz wrote:
> I have an application where I want the effective DocumentRoot to change
> based on dynamic properties in the request.
>
> In particular, we are creating a number of domain aliases, pointing to the
> same IP address, so that each user can view their own version of the web
> site. e.g.
>
> joe.dev.mysite.com would have doc root /home/joe/www
> dave.dev.mysite.com would have doc root /home/dave/www
>
> etc. I could do this with a set of virtual servers, but then I have to
> change the httpd.conf and restart the server every time a user is
> added, which is undesirable.
>
> Here's what I wanted to work:
>
> sub trans_handler
> {
> my ($r) = @_;
> my ($user) = ($r->header_in('Host') =~ /^[^\.]+/);
> $r->document_root("/home/$user/www");
> return DECLINED;
> }
>
> PerlTransHandler trans_handler
>
> but I got
>
> [error] Usage: Apache::document_root(r) at handler.pl line 41
>
> so document_root ain't writable.
>
> Any other suggestions? I'm loathe to recreate the entire default Apache
> directory handler in my trans_handler (looking for index.html, etc.)
>
> Jon
--
Sean Chittenden p. 650.473.1805
auctia.com, Inc. f. 650.329.9651
