in reply to
Icky Gross and Disgusting @INC Kludges. (code, discussion)
In approximately the order they were asked
- You really can't - sooner or later the web daemon has to
read the files and any sufficiently capable blackhat
can read them. The best solution I found was a
directory where the webdaemon can read and you can
write. This at least stops blackhats from reading *your*
- I do not think ( and I am sure merlyn will correct
me on this ) it is *that* much of a security risk. I
would be far more concerned about bad input than about
a blackhat discovering what modules I am using.
- Don't know :)
- First, only pure-perl modules will work - anything
using XS is right out. Second, you need to make sure
the modules are not using perl 5.6 specific widgets.
Given those two conditions, things should just work.
Personally, I wouldn't do it. I bet things would fail
in spectacular fashions when one of the two conditions
is not met.
- See previous
- Bribery. Speaking as an admin myself, bribery almost
always works. Offer to buy the sysadmin a cup'a'joe/
soda/lunch, whatever. Let the SA know that you would like
this as a personal favour. Mention that this would not involve
breaking existing scripts - perl 5.6 could be installed
in a completely different path. Tell your SA that you
don't mind doing the compile/test phase. Tell your SA
you will do the postinstall work as well. Mention that
perl 5.6.1 is out ( the magic first revision ). More
bribery. Begging rarely works, but it does sometimes
amuse me :)