[ic] New version of Safe

Mike Heins mike at perusion.com
Mon Mar 8 19:33:15 UTC 2010

Quoting Jon Jensen (jon at endpoint.com):
> Folks,
> Today the maintainer of Safe posed this note:
> New Safe.pm fixes security hole
> http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html
> Unfortunately I can't tell from the description what the "security hole" 
> really is, because the discussion is brief and mixed with an overview of 
> Safe in general.

It looks to me that they are talking about code injection via AUTOLOAD

> But a new version of Safe is on CPAN, so we should check it out and make 
> sure it's still compatible with Interchange.

That's for sure.

I never intended Safe to be protection against hackers. It is meant
to provide for peace-of-mind when handing page modification capability 
out to relative tyros. Somehow it is quite comforting to me when

	system('rm -rf *') ;

doesn't run right off the bat....

I think it has been quite successful for the purpose intended.

Mike Heins
Perusion -- Expert Interchange Consulting    http://www.perusion.com/
phone +1.765.328.4479  <mike at perusion.com>

Experience is what allows you to recognize a mistake the second time you
make it. -- unknown

More information about the interchange-users mailing list