mgraham wrote:
> Maybe another approach would be to explicitly list the handlers that
> are allowed to be used in any given context. Kind of
> like 'Options', but for perl handlers. Something like 'PerlOptions',
> perhaps?
>
> <Location /users>
> PerlOptions "My::AuthHandler My::ContentHandler My::TransHandler"
> </Location>
That's a neat idea.
The only quibble I can think of is that this doesn't go far enough.
This lower level of privilege we're talking about is one in which -
1) Only specific Perl modules are available (or ones in specific
paths; no literal 'sub { ... }' handlers)
2) PerlSetEnv (and PerlPassEnv?) aren't usable
3) PERL5LIB isn't changeable
4) <Perl> sections are unavailable
--
Richard Goerwitz [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
- RE: security suggestion Christian Gilmore
- Re: security suggestion Gunther Birznieks
- Apache::VirtualHostRegistry Nigel Hamilton
- Re: Apache::VirtualHostRegistry Matthew Byng-Maddick
- Re: Apache::VirtualHostRegistry Gunther Birznieks
- Re: Apache::VirtualHostRegistry Matthew Byng-Maddick
- Re: security suggestion Richard L. Goerwitz
- Re: security suggestion Randal L. Schwartz
- Re: security suggestion Richard L. Goerwitz
- RE: security suggestion mgraham
- Re: security suggestion Richard L. Goerwitz
- Re: security suggestion Randal L. Schwartz
- Re: security suggestion Richard L. Goerwitz
- Re: security suggestion Gunther Birznieks
- Re: security suggestion Richard Goerwitz
- Re: security suggestion Gunther Birznieks
- Re: security suggestion Richard L. Goerwitz
- Re: security suggestion Gunther Birznieks
- Re: security suggestion Dave Kaufman
- Re: security suggestion Dave Kaufman
- RE: security suggestion Doug MacEachern
