CodeJunkie has asked for the wisdom of the Perl Monks concerning the following question:

Hi
I am really new to writing Perl modules, i've looked at a few of the documents about them, but I was wondering if I could ask a relatively simple (I hope) question.

I want to be able to write a perl module, i.e. MyModule.pm and specify where to put it. I.e. I want to have it under my document root in a /modules folder. This might sound a little strange, but I have written some software that requires a module that would not normally be installed by default Apache::HTpasswd I think it's called. Anyway, I want to include this module in my software package so that my software doesn't need to rely on it installed on the system.

Let me know if you think I am going about this all wrong.
Cheers,
Tom

Replies are listed 'Best First'.
•Re: Location of perl modules
by merlyn (Sage) on Mar 18, 2003 at 13:07 UTC
    Do not put code components into URL-accessible namespaces. Obviously, a CGI script needs to be below some docroot so that you can name it, but a .pm file or data file must not be below docroot, or you will have potential serious security issues.

    Now, if you want to stick it somewhere away from the docroot, you can get to it by extending @INC. If you have questions about that, please ask.

    Or, just include it directly in your program inside a BEGIN block... I've posted code here before about how to do that with CGI.pm on systems that don't have a modern CGI.pm installed. You can adapt that for your module.

    -- Randal L. Schwartz, Perl hacker
    Be sure to read my standard disclaimer if this is a reply.

[reply]

      Hi,
      Thanks, that just what I needed to know. I can see what you mean about security issues.

      So if you were writing a software application that needed to sit entirely under the document root, and you were writing your own Perl modules, what would you do...? I guess I could ask people to put stuff outside the document root... I think i'll take a look at your code for including the CGI module and see if I can use that,

      cheers,
      Tom

[reply]
        So if you were writing a software application that needed to sit entirely under the document root {...}
        I'd explain to my client that they should hire another programmer, because I wasn't willing to be responsible for a mistake in security when such a file layout was clearly not necessary.

        Letting the PHBs decide technical issues is unethical as a professional programmer.

        -- Randal L. Schwartz, Perl hacker
        Be sure to read my standard disclaimer if this is a reply.

[reply]
      Exactly what security issues?

      I sometimes put modules in a subdirectory of a (CGI) script when I have very custom versions of a module per script, and that way, it's easy to keep track of which module version belongs to which script. Actually, they're more like loadable sections of the main script, on demand. Plus, they're easier to copy to different systems, that way.

      The way I keep them from prying eyes, is by denying access to them through the HTTP server, by placing a deny from all rule on *.pm files, in my .htaccess file.

      The only other problem I can think of, is the value of the current directory when the script is run, in order to find that libroot. You cannot be 100% sure that it's the directory the script is in — though for CGI, that is generally the case. In theory, FindBin should be able to help locate the script, but I've had it more fail to do anything at all, than actually help.

[reply]
[d/l]

Back to Seekers of Perl Wisdom