Building a simple Perl Module Database

Suppose your latest Perl project makes ample use of homegrown modules. (For an example of this, see the Iaijutsu or Jellybean projects.) Because these are designed to work in a web environment, security is a big concern. However, the modules (or objects, as we tend to call them) also must be mutable. Developers need to be able to modify them slightly via the web interface.

One solution is to use eval() liberally. This involves a performance hit, however, in that each instance where the module is used, it must be recompiled (unless there are steps taken of which I am unaware). Since the module is more likely to be invoked at least ten times for each edit (a low estimate), this introduces a large penalty.

Another concern is security. Is it wise to allow the uid of the web server to have write access to the module directory? A clever invader could exploit this to do all sorts of nasty things. (Then again, allowing real-time editing of executable objects on a production web server does have similar risks.)

A better option, at least in my opinion, and for the Unix world, is a quick method which I devised recently.

Set up your web server and Perl content, running normally with restrictive permissions. Set up a module server process, as in the code section.

In your web server process, you will need to do a couple of things when you want to require() in a module. First, open a pipe for writing. It connects to $INPIPE in the module server. Second, write the name of the module you want, when you want it, to the pipe. Third, call request() on the name of the output pipe in the module server.

Yes, it really works -- require() thinks that a module pulled out of a database somewhere (or off of a network share or something else entirely more bizarre) is the same as a module read from a normal file. If it's valid Perl, it will work.

Please note that I have not set any handlers for SIGPIPE, which you will want to do in a production environment, nor have I given any suggestions for the appropriate locations for the pipes. Still, it is my hope that something here has given you a wacky idea which will prove useful.

use ModuleServer;

my $modpath = "/foo";     # path to where modules are expected
my $module = "";

while (1) {
    open (INPIPE, "> $INPIPE) || die "Can't open $INPIPE: $!";
    my $modname = <INPIPE>;
    close INPIPE;

# fetch module $modname from database or wherever into $module

    unless (-p $modname) {
        unlink $modname;
        system('mknod', $modname, 'p') 
            && die "Can't make pipe $modname: $!";
    }

    open (OUTPIPE, "> $modpath$modname") 
        || die "Can't write to $modname: $!";
    
    print OUTPIPE $module;
    close OUTPIPE;
    sleep (1);
}
[download]

In reply to Building a Simple Perl Module Database by chromatic

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.