On Tue, Feb 21, 2012 at 6:55 PM, Cees Hek <cees...@gmail.com> wrote: > On Mon, Feb 13, 2012 at 11:58 PM, Aaron Knister <aar...@umbc.edu> wrote: > > Hi Tuomo, > > > > I don't mean 80,000 virtual hosts. I have over 80k unix accounts for > which content is being served via mod_userdir. And I consider each one it's > own "site". It's critical to the environment that users be prevented from > specifying handlers in htaccess files in part exactly for the reasons you > specified. The other issue is the potential for suexec abuse. I only have > one perl access handler I need to use and it has no global variables. > > Hi Aaron, > > In the end would it not be safer to remove mod_perl all together? You > don't mention exactly what you are doing with mod_perl so this may not > be practical, but you do mention you only have one perl access > handler. Can that not be rewritten in C? Is there no existing third > party C module that can do what you need (or be modified slightly to > do what you need)? > > Also, you briefly mentioned <Perl> sections. These are generally > pretty easy to get around by just pre-generating your apache.conf file > using a simple perl script and a templating module. This is how I > understand most people create complex apache.conf files and this is > how I have always done it. > > It might sound odd for someone to tell you not to use mod_perl on the > mod_perl mailing list, but I think in your situation a lighter-weight > solution would save you a lot of headaches. > > Cheers, > > Cees >
Hi Cees, I think it may be safer to remove mod_perl all together and re-write the module in C (exactly what I did a few days ago, actually). The support curve is lower if the handler is written in Perl but the code is simple enough that I think leaving it in C is a good compromise. Thanks for the feedback! -Aaron -- Aaron Knister Systems Administrator Division of Information Technology University of Maryland, Baltimore County aar...@umbc.edu
