in reply to Icky Gross and Disgusting @INC Kludges. (code, discussion)
In approximately the order they were asked
mikfire
- You really can't - sooner or later the web daemon has to read the files and any sufficiently capable blackhat can read them. The best solution I found was a directory where the webdaemon can read and you can write. This at least stops blackhats from reading *your* directory.
- I do not think ( and I am sure merlyn will correct me on this ) it is *that* much of a security risk. I would be far more concerned about bad input than about a blackhat discovering what modules I am using.
- Don't know :)
- First, only pure-perl modules will work - anything using XS is right out. Second, you need to make sure the modules are not using perl 5.6 specific widgets. Given those two conditions, things should just work. Personally, I wouldn't do it. I bet things would fail in spectacular fashions when one of the two conditions is not met.
- See previous
- Bribery. Speaking as an admin myself, bribery almost always works. Offer to buy the sysadmin a cup'a'joe/ soda/lunch, whatever. Let the SA know that you would like this as a personal favour. Mention that this would not involve breaking existing scripts - perl 5.6 could be installed in a completely different path. Tell your SA that you don't mind doing the compile/test phase. Tell your SA you will do the postinstall work as well. Mention that perl 5.6.1 is out ( the magic first revision ). More bribery. Begging rarely works, but it does sometimes amuse me :)
mikfire
|
---|
In Section
Seekers of Perl Wisdom