I think Randal was making a similar point I was making last night (SG
time). That as long as you execute Perl code, you can manipualte the memory
space of Perl (and hance change the behavior of Apache::Registry).
But you explained it in your reply to me. Basically you want explicit
handlers that are tightly defined to run but you aren't talking about
allowing users to run Apache::Registry scripts arbitrarily. Just explicitly
defined pieces of code like a handler for counter() logic.
The CGI scripts on your site would not be passed through Apache::Registry
or Apache::PerlRun, they would run as normal CGIs. No? So that makes sense
as a motivation to allow mod_perl on a server for content handlers that are
tightly defined. But don't allow the users access to anything else in mod_perl.
At 04:36 PM 11/17/00 -0500, Richard L. Goerwitz wrote:
>"Randal L. Schwartz" wrote:
>
> > I think y'all are missing it. As soon as I have any Perl code access
> > via Apache::Registry or anything like that, I can do this:
> >
> > *Apache::Registry::handler = \&my_trojan_horse;
>
>Can you explain in what server-configuration context the above directive
>would be executed?
>
>(I'm not disputing anything you say; just trying to follow.)
>
>--
>Richard Goerwitz [EMAIL PROTECTED]
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
__________________________________________________
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Web Technology Company
http://www.extropia.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
