hi Matt...

I can't access my normal email from home, so forgive
the non-quoting of your message... :)

the way I set it up, when running in DispatchMode =
Safe (the default, which I didn't mention in the
docs), you wouldn't be able to call /File/Find/find
without explitily allowing File or File::Find in
DispatchAllow.  I think this addresses the namespace
issue - if someone wants to open up File::Find, or
whatever, that badly, they can always do it anyway, I
suppose.  

But maybe we're missing eachother on this?  Or you
have something in mind that I don't? I'll admit, I'm
far from a web security expert, and this does need to
be quite secure to be a benefit to anyone...

as for method restrictions, I can't remember if it was
talked about - I'll have to go over the archives
again.
however, having to specify Foo::Bar->method for each
method you want to use seems like overkill to me,
almost as limiting as having to add all those location
tags.  I suppose that setting DispatchMethod = Handler
(the default) along with Safe mode would offer a good
amount of protection against blunders, allowing only
Foo::Bar->handler.  I guess I was just trying to offer
a fair amount of flexibility, but with flexibility
comes the ability to kill your server.  of course, a
regular CGI script can do that too if you're not
careful. :)

I don't really think that, in general, imposing method
restrictions is necessary, for there isn't really a
way to pass any arguments to the method anyway, right?
 don't all mod_perl handlers get the request object as
the only argument (unless prototyped as $$)?

It had occured to me not to allow Foolish behavior
(allowing anything under the sun to execute) so I may
remove it if there is much reservation from folks...

let me know what you think...

--Geoff

__________________________________________________
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/

Reply via email to