At 11:08 AM 2/5/2001 +0000, David Grove wrote:
>Dan Sugalski <[EMAIL PROTECTED]> wrote:
>
> > At 02:17 PM 2/5/2001 -0200, Branden wrote:
> > > > I think that, if you want this behavior, a module that implements
>it
> > > > would be just fine. (Why muck with "use"?) To use a module name
> > > > that seems like it could fit this purpose:
> > > >
> > > > use autoload { Bar => 'http://www.cpan.org/modules/Bar' },
> > > > { Baz => 'ftp://my.local.domain/perl-modules/Baz',
> > VERSION =>
> > >2 };
> > >
> > >Very good idea indeed!!! Append the wishlist to add this module to
>perl6's
> > >standard library!!!
> >
> > Very *bad* idea. It sounds nice, but using a remote module without any
> > sort
> > of control is just begging for trouble.
> >
> > This would make your average unpatched Microsoft product look
>impregnably
> > secure by comparison, and I can guarantee you it'd be the first thing
>I'd
> > disable when building perl.
>
>Please excuse me if I'm not up to date in this thread. I'm going on this
>posting only.
>
>Although I'd agree with you about the security, Dan, this kind of remote
>processing would, I think, be useful in my case as well, although at a
>minimum it should be a non-default option. Currently, I'm doing some of
>this by grabbing remote code and running it through exec(), but that's not
>debuggable. I administer IS for offices in three continents and several
>locations in the US, and prefer to have parts of my code distributed in
>this way. In fact, one of my main scripts is basically an empty tk root
>window (with a menu) that gets its contents remotely in this way. Of
>course, those contents travel compressed and encrypted.
I'm not arguing the utility of being able to do this, but I can't think of
any way to do it safely. For something like this I'd far rather not provide
anything at all than provide something unsafe. CPAN has some security
issues, but at least you get the opportunity to check out code before
installing it, and someone has to explicitly do things to install foreign
code. This proposal makes it altogether too easy to get nasty code in.
FWIW, your problem sounds like it might be amenable to loading in code from
elsewhere into a Safe compartment. Safe's one of the things that I'd like
to make better in perl 6.
>The other option for me would be to be able to debug what's inside an
>eval(), which IIRC we've already shot down.
Well, I really want to get more debugging support into perl 6 generally,
which may well help this. Or not, it's hard to say.
Dan
--------------------------------------"it's like this"-------------------
Dan Sugalski even samurai
[EMAIL PROTECTED] have teddy bears and even
teddy bears get drunk
