in reply to Re:**5 SOAP::Lite and Security (Phrack #58)
in thread SOAP::Lite and Security (Phrack #58)

I've read the Safe docs and I have an idea of how it works. I just don't get how it can help SOAP::Lite.

In the case of SOAP::Lite you have several subs in different packages which should be remotely accessible. Note that these subs can themselves call other subs which should not be remotely accessible. That's OK. The problem is that SOAP::Lite doesn't provide a means to restrict the list of remotely accessible subs. Basically you can call any existing subroutine in any package via SOAP::Lite.

This problem is not related to restricting perlops. It is about creating a restriction on the subs which can be remotely called. And it is not a job for Safe to build and check the list of subroutines allowed to be called remotely. It is a job for SOAP::Lite itself.

--
Ilya Martynov (http://martynov.org/)
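
The restriction described in the post above, as an added example that is not part of the original thread and is not SOAP::Lite's own code: a dispatcher that resolves any requested sub next to one that checks an explicit allowlist first. The packages `Calc` and `Admin`, the `%REMOTE` table and both `dispatch_*` subs are hypothetical names, and the requests are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample packages: Calc::add is meant to be remote; Calc::_audit
# and Admin::wipe are internal helpers that must never be reachable.
package Calc  { sub add { $_[1] + $_[2] } sub _audit { "internal" } }
package Admin { sub wipe { "destructive" } }

package main;

# Explicit allowlist: package => { method => 1 }. Anything absent is refused.
my %REMOTE = ( Calc => { add => 1 } );

# Naive dispatch: resolves whatever package and method the request names.
sub dispatch_naive {
    my ($class, $method, @args) = @_;
    my $code = $class->can($method) or die "no such method\n";
    return $class->$code(@args);
}

# Allowlisted dispatch: exact-match lookup in %REMOTE happens before any
# symbol-table lookup, so unlisted subs are never resolved at all.
sub dispatch_allowlisted {
    my ($class, $method, @args) = @_;
    die "not remotely callable\n"
        unless defined $class && defined $method
            && $REMOTE{$class} && $REMOTE{$class}{$method};
    my $code = $class->can($method) or die "no such method\n";
    return $class->$code(@args);
}

# Constructed requests, as (package, method, args) after envelope parsing.
for my $req ([Calc => add => 2, 3], [Calc => '_audit'], [Admin => 'wipe']) {
    my ($class, $method, @args) = @$req;
    my $naive = eval { dispatch_naive($class, $method, @args) };
    my $safe  = eval { dispatch_allowlisted($class, $method, @args) };
    printf "%-14s naive=%-12s allowlisted=%s\n", "${class}::$method",
        $naive // 'refused', $safe // 'refused';
}
```

Only `Calc::add` passes the allowlisted dispatcher; the naive one also runs `Calc::_audit` and `Admin::wipe`, which is the behaviour the post objects to.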

Re:**7 SOAP::Lite and Security (Phrack #58)
by belg4mit (Prior) on Dec 31, 2001 at 12:04 UTC
    Safe does more than just restrict perlops as the example code illustrates. And I won't deny that the responsibility lies with SOAP::Lite. Perhaps subclassing to SOAP::Lite::Safe would be good, I'll put it on my vaporware todo list...

    --
    perl -pe "s/\b;([st])/'\1/mg"