[ic] mv_credit_card_reference
interchange-users@interchange.redhat.com
interchange-users@interchange.redhat.com
Wed Oct 10 19:31:00 2001
On Wed, Oct 10, 2001 at 05:44:44PM -0400, Mike Heins wrote:
> Quoting Javier Martin (martin@trymedia.com):
> > > > Thanks a lot Mike. I solved it by calling:
> > > >
> > > > my $cc_ref = (Vend::Order::encrypt_standard_cc($CGI, 1)) [6]
> > > >
> > > > from [perl], but &calc looks cleaner because I'm validating the
> > > CC twice...
> > > >
> > >
> > > Obviously you are running AllowGlobal....you should put in a
> > > warning "don't
> > > try this at home". 8-)
> >
> > Yes, I think I will follow those guidelines from the docs about locking down
> > the server. I've removed the Vend::Order::encrypt_standard_cc call, and have
> > changed [perl]...[/perl] by &calc=<<EOF ... EOF.
> >
> > I still have problems though, because I have a lot more of code which gets
> > trapped by Safe::Hole, concretely calls to Digest::MD5 and LWP. I've moved
> > all of this to globalsubs and included them from the main
> > /etc/interchange.cfg file, but when I call one of the subs, I get something
> > like:
> >
> > process Safe: Undefined subroutine &MVSAFE94805::calc_md5 called at (eval
> > 257) line 40.
Look back in the mailing list for [realperl] tag. Look at the way the
tag is called in Interpolate. Safe provides a lot of good things, but if you
are using a lot of system calls and external processes you need to know
how to get around it when need be.
> I am working on a new programming guide, and one of the first things
> it says is:
>
> Don't use GlobalSub.
>
> The real method of doing this is just change your GlobalSub to a
> $Tag, i.e. a global UserTag. Perhaps I should make a $Sub object...8-)
Is GlobalSub on the deprecated list?
cfm
--
Christopher F. Miller, Publisher cfm@maine.com
MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039
1.207.657.5078 http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux