[ic] New version of Safe
Mike Heins
mike at perusion.com
Mon Mar 8 19:33:15 UTC 2010
Quoting Jon Jensen (jon at endpoint.com):
> Folks,
>
> Today the maintainer of Safe posted this note:
>
> New Safe.pm fixes security hole
> http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html
>
> Unfortunately I can't tell from the description what the "security hole"
> really is, because the discussion is brief and mixed with an overview of
> Safe in general.
It looks to me that they are talking about code injection via AUTOLOAD
reference.
>
> But a new version of Safe is on CPAN, so we should check it out and make
> sure it's still compatible with Interchange.
That's for sure.

I never intended Safe to be protection against hackers. It is meant
to provide for peace-of-mind when handing page modification capability
out to relative tyros. Somehow it is quite comforting to me when

    system('rm -rf *') ;

doesn't run right off the bat....

I think it has been quite successful for the purpose intended.

--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.328.4479 <mike at perusion.com>
Experience is what allows you to recognize a mistake the second time you
make it. -- unknown