On Wed, 27 Sep 2000, Matt Sergeant wrote:
> On Wed, 27 Sep 2000, Matthew Byng-Maddick wrote:
> Actually I think the people we need to get involved are the web site
> builders - the larger companies offering dynamic web content creation. We
> also need some more mainstream tools, the oft-requested "Zope-a-like" in
> Perl. And it needs to be trivial to install (I'm not sure how likely that
> is to be yet).

This is roughly the kind of company I work for, so agreed.

> > > PHP comes with a lot of ISP accounts for free with no extra cost. Java does 
> > > not yet, but I've started seeing ISPs starting to support Java in the low 
> > > end shared server accounts...
> > Wow. I'm surprised, for the security reasons I've outlined above. But then
> > I don't know much about PHP, really.
> PHP can run as a normal CGI, using suExec. So it's like advertising Perl
> support.

Right.

> What would help mod_perl is a working sandboxing system, based on Safe and
> SafeHole. I've advocated that idea before, but still don't have the time
> to go and build it. With that sort of system, an ISP could easily trap or
> prevent whatever they need to, and we could work with them to build up
> secure professional installations.

Schwern and I were discussing a new mechanism for a sandbox in Perl6, but
unfortunately, I'm not sure how trivial it would be for Perl5, and also,
you have to wonder whether any improvement will take away any performance
advantage that mod_perl gives you.

> However, I'm honestly not sure if the whole of mod_perl is "right" for the
> majority of small fee ISP's. What the ISP's need is perhaps one of the
> mod_perl modules, like Mason, Embperl or AxKit, or something like
> that. Rather than letting users write PerlInitHandlers! Unfortunately I
> have no idea how you might secure one of these modules, even though one is
> my own.

With difficulty. :) That wasn't helpful - but we really need a Perl
sandboxing mechanism. (Perhaps if you can use Safe to restrict open(),
socket(), creat() etc., then you're doing the right thing....)

MBM

-- 
UNIX  is  hot.   It's  more than hot.   It's  steaming.   It's quicksilver
lightning with a laserbeam kicker.                   -- Michael Jay Tucker
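The Safe-based restriction discussed in this thread, as an added example that is not part of the original message: a Safe.pm compartment with an explicit opcode policy that traps open(), socket() and process-spawning ops at compile time. The sample snippets are constructed; there is no `creat` opcode in Perl, so file creation is covered by denying `open` and `sysopen`.

```perl
#!/usr/bin/perl
# Added example, not code from the thread: sandbox untrusted Perl with Safe.
use strict;
use warnings;
use Safe;

# Build a compartment with an explicit, auditable opcode policy.
# Safe's default mask (:default) already excludes open/socket/system etc.,
# but spelling the policy out makes it reviewable by the operator.
sub make_sandbox {
    my $cpt = Safe->new;
    # Allow only pure computation: no :base_io, no :filesys_*, no :subprocess.
    $cpt->permit_only(qw(:base_core :base_mem :base_loop :base_orig :base_math));
    # Explicitly deny the ops the thread names plus process creation
    # (redundant after permit_only, but documents intent).
    $cpt->deny(qw(open sysopen socket system backtick exec fork));
    return $cpt;
}

# Compile and run untrusted code inside the compartment.
# Returns (1, value) on success or (0, error) when an op is trapped.
sub run_untrusted {
    my ($cpt, $code) = @_;
    my $result = $cpt->reval($code);
    return (0, $@) if $@;
    return (1, $result);
}

my $cpt = make_sandbox();

# Constructed snippets standing in for a hosting customer's page code.
my %samples = (
    arithmetic  => 'my $x = 6 * 7; $x',
    read_passwd => 'open(my $fh, "<", "/etc/passwd"); <$fh>',
    shell_out   => 'system("id")',
);

for my $name (sort keys %samples) {
    my ($ok, $out) = run_untrusted($cpt, $samples{$name});
    printf "%-12s %s\n", $name, $ok ? "ok: $out" : "blocked: $out";
}
```

Safe limits which opcodes may compile, not how much CPU or memory the code consumes, so a runaway loop still needs an alarm() or a per-process resource limit on top of the compartment.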
