I'm not sure why you're using a dispatch table here...
The table offers slightly more security, in that there's no possibility of unguarded user input somehow selecting an inappropriate function.
Even so, namespacing as you've done ameliorates that somewhat.
| [reply] |
In this case, I cordially suggest that the concern is not “the use of dispatch-tables per se,” but the authentication that must take place to confirm that a particular dispatch-table entry may be used.
When I construct dispatch tables, I usually employ a hashref where each element points to another hashref with several entries in it. One of these of course is a reference to the sub that must be called to do the work. Others may be to subs that serve as parameter-validators and security checkers ... you can get as fancy as you like, even setting up arrays of these subroutine references.
And then, when the target routine actually does get control, it, too, I believe, has the same duty to check once again that it is being called under appropriate conditions. (Those checks can be simpler, since they basically serve to double-check that the dispatcher is doing its job.) Only requests that have been scrutinized several times, by code that exists in several different places, actually get carried out.
| |
You're right, I'm not sure yet if I really need a hash. I'll have to figure out some of the details.
I also already started using the "not exists" part, but running into a problem with that: I want to move the setup of the dispatch table / array into a module, but in the module the "exists &{"tcid_$_"} always fails as the sub is not defined in this module. Is there a good workaround for this?
| [reply] |
Yes. What package will they be in? If they'll be in the Foo package, then just use exists &{"Foo::tcid_$_"} instead. :-)
| [reply] [d/l] |
They won't be in any package, but in the .pl script. I got it to work by using "main::", thanks for the hint.
| [reply] |