Re: Icky Gross and Disgusting @INC Kludges. (code, discussion)

by mikfire (Deacon)
on May 14, 2001

in reply to Icky Gross and Disgusting @INC Kludges. (code, discussion)

In approximately the order they were asked:
  1. You really can't - sooner or later the web daemon has to read the files and any sufficiently capable blackhat can read them. The best solution I found was a directory where the web daemon can read and you can write. This at least stops blackhats from reading *your* directory.
  2. I do not think ( and I am sure merlyn will correct me on this ) it is *that* much of a security risk. I would be far more concerned about bad input than about a blackhat discovering what modules I am using.
  3. Don't know :)
  4. First, only pure-perl modules will work - anything using XS is right out. Second, you need to make sure the modules are not using perl 5.6 specific widgets. Given those two conditions, things should just work. Personally, I wouldn't do it. I bet things would fail in spectacular fashions when one of the two conditions is not met.
  5. See previous
  6. Bribery. Speaking as an admin myself, bribery almost always works. Offer to buy the sysadmin a cup'a'joe/soda/lunch, whatever. Let the SA know that you would like this as a personal favour. Mention that this would not involve breaking existing scripts - perl 5.6 could be installed in a completely different path. Tell your SA that you don't mind doing the compile/test phase. Tell your SA you will do the postinstall work as well. Mention that perl 5.6.1 is out ( the magic first revision ). More bribery. Begging rarely works, but it does sometimes amuse me :)
