That's a very good point, I had distilled this down from an application very similar to what the OP was looking for that I was actually using in production, and may have oversimplified it a bit.
In the original, I was using attributes to flag subs that should be accessible through this interface, and didn't want to confuse the posting by leaving in all the attribute-related code. I had been thinking that it was unlikely that POE was exporting any functions that started with an underscore, but on further reflection it would certainly be possible to invoke random methods that didn't start with an underscore by hand-crafting your requests, although the amount of damage you could do would be limited by not being able to pass arguments to any of those methods, it is still something to keep in mind.
We're not surrounded, we're in a target-rich environment! |
---|