> Frank Maas wrote:
> 
>> On Tue, Aug 01, 2006 at 07:33:51AM +0100, John ORourke wrote:
>> 
>> 
>>> You could even do something really clever and make it map URI onto
>>> module - eg. so /debitor/contract/create calls
>>> Debitor::Contract->create(), but that wouldn't be very secure!
> 
> As described, it would allow any person with access to the web server to
> call any method of any installed Perl module!  Just by adding some
> simple checks to ensure only certain allowed modules and methods were
> called, it could become secure.

That was my point. As it was stated it looks as if any mechanism that 
implements this flexibility would be insecure, which of course is not true. If 
one would leave it at a simple

s#/(.*)/(.*)/(.*)#\u$1::\u$2->$3()#

then an insecure situation would arise. But you introduced it as 'doing 
something really clever', so I read it as doing more than that (including tests 
and all). I could not combine this with being insecure. Thanks for the 
additional info.

Regards,
Frank
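
One way to add the "simple checks" discussed in this thread, shown as an added example that is not part of the original messages: the URI is still mapped onto module and method, but only pairs on an allowlist are ever called. The `%ALLOWED` table, the `dispatch()` helper, the stub `Debitor::Contract` package and the sample URIs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the application class named in the thread.
package Debitor::Contract;
sub create { return 'contract created' }
sub _purge { return 'internal helper, not meant to be reachable by URI' }

package main;

# Allowlist: URI-derived class name => methods that may be called on it.
my %ALLOWED = (
    'Debitor::Contract' => { create => 1 },
);

# Map /debitor/contract/create onto Debitor::Contract->create(), but only
# when the path is well formed and the module/method pair is allowlisted.
sub dispatch {
    my ($uri) = @_;

    # Exactly three plain segments; rejects '::', '..', and extra slashes.
    my ($ns, $class, $method) = $uri =~ m{\A/([a-z]+)/([a-z]+)/([a-z_]+)\z}
        or return (400, 'malformed path');

    my $module = ucfirst($ns) . '::' . ucfirst($class);

    my $methods = $ALLOWED{$module}
        or return (404, 'module not allowed');
    $methods->{$method}
        or return (404, 'method not allowed');

    # can() returns a code ref, so no request string is evaluated as code.
    my $code = $module->can($method)
        or return (500, 'allowlisted method is not defined');

    return (200, $module->$code());
}

# Constructed sample requests: one allowed, three that must be refused.
for my $uri (qw(
    /debitor/contract/create
    /debitor/contract/_purge
    /other/module/run
    /debitor/contract/create/extra
)) {
    my ($status, $body) = dispatch($uri);
    printf "%-32s -> %d %s\n", $uri, $status, $body;
}
```

Only the first request reaches application code; the private method, the unlisted module and the over-long path are all refused before any method lookup happens.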
