in reply to How to answer "Perl is not secure" objections?
There is some truth in the manager^3's fear: if you are running Perl through mod_perl on Apache without any security in mind, the application runs with the privileges of the web server. If that is root, you have a problem.
As far as I remember though, Red Hat locked Apache down by changing to some "nobody/nogroup" user after starting. If it is RH Enterprise 4 or later, SELinux might be used to further lock down the server, to such an extent that it might be a pain to get mod_perl running at all.
The bottom line is that mod_perl can be a security hole if the system has bad administration. With good administration (chroot, changing user/group after startup), mod_perl can be perfectly secure. It can never bypass OS security, but it can use the permissions it was granted.
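An added example, not part of the original post: a shell check that the "changing user/group after startup" step described above actually took effect, by listing web server worker processes that are still running as root. It assumes the server binary is named `httpd` or `apache2`; the function name and the sample process tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: report Apache (and therefore mod_perl) workers still running as root.
# Input on stdin: one process per line as "USER PID PPID COMMAND", e.g. from
#   ps -e -o user= -o pid= -o ppid= -o comm=
# Assumption: the server binary is named httpd or apache2.

find_root_workers() {
    awk '
        $4 == "httpd" || $4 == "apache2" {
            user[$2] = $1; ppid[$2] = $3; is_httpd[$2] = 1
        }
        END {
            for (pid in is_httpd) {
                # A worker is a server process whose parent is also a server
                # process. The parent itself normally stays root so it can
                # bind the privileged port; the workers run the Perl code.
                if ((ppid[pid] in is_httpd) && user[pid] == "root")
                    print pid
            }
        }
    ' | sort -n
}

# Constructed sample: privileges dropped correctly (workers run as "apache").
SAMPLE_OK='root 1200 1 httpd
apache 1201 1200 httpd
apache 1202 1200 httpd
root 900 1 sshd'

# Constructed sample: two workers never left root.
SAMPLE_BAD='root 2200 1 httpd
root 2201 2200 httpd
root 2202 2200 httpd
nobody 2203 2200 httpd'

echo "root workers in SAMPLE_OK:  $(printf '%s\n' "$SAMPLE_OK" | find_root_workers | tr '\n' ' ')"
echo "root workers in SAMPLE_BAD: $(printf '%s\n' "$SAMPLE_BAD" | find_root_workers | tr '\n' ' ')"
```

An empty result means every worker has dropped to an unprivileged user; any PID printed is a process in which mod_perl code would run with root's permissions.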
Replies are listed 'Best First'.
Re^2: How to answer "Perl is not secure" objections?
by chargrill (Parson) on Sep 06, 2007 at 22:54 UTC