in reply to mod_perl- am I safe?

One way to check, since particularly you are working with what appear to be destructive SQL statements (INSERTs, UPDATEs, and DELETEs), is to first clone the scripts into a new virtual server that uses mod_perl, and replace those SQL calls with print statements, or use a different database, or something along those lines; test the mod_perl 'happyness' in a virtual server before bringing everything on-line into mod_perl.

I'm assuming that when you mean "posted" variables that you are getting these from CGI.pm. I've found that for sites with multiple scripts and a few support modules under mod_perl, you'll want to create the CGI object from the scripts as opposed to the support modules; even though the script stays resident in memory, the entire body is effectively wrapped into a block, such that a call like my $cgi = new CGI; only exists for that once-through and no more. If you try to move the CGI creation into the support modules and exporting the $cgi value, you'll run into problems there since that $cgi is not recreated on each HTTP access.

But again, absolutely test your mod_perl code with a database that can be thrown away or with appropriate debugging statements in place of the SQL statements, before you bring up the site live. It sounds like you should be ok by just mod_perl'ing it, but you never know.

Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain

Replies are listed 'Best First'.
Re: Re: mod_perl- am I safe?
by Hero Zzyzzx (Curate) on Mar 23, 2001 at 20:02 UTC

    Thanks! My next step was to set up the virtual server, copy the database, and use ab (apache benchmark) to slam the server with requests and see what happens. Not very elegant, I suppose, but it should work well enough for testing.

    I just wanted to know beforehand if I might be free and clear with mod_perl. I am using Apache::Registry as my mod_perl handler.

    Here's the appropriate code from httpd.conf. I assume "UseStrict 1" helps protect variables? Sorry for what are probably basic questions, I'm figuring this stuff out gradually.

    <Location /perl-bin>
        PerlSendHeader On
        SetHandler perl-script
        PerlHandler Apache::Registry
        PerlSetVar UseStrict 1
        Options +ExecCGI
</Location>

    [download]

[reply]
[d/l]
[select]
      Don't have the docs handy, but OOTOMH, 'UseStrict' simply implies that use strict; would be at the top of every perl script that mod_perl handles, whether explicitly there or not. It doesn't protect any variables in any way. Of course, I will assume you already have use strict; at the top of every perl file you've written, don't you? :)

      Don't try to drop in the entire project at one shot; start with non-DB-destructive files like search routines or lookups, and make sure these work and apply any bug fixes that you need to across all project files. While it's a lot easier to build a site that will use mod_perl in an environment that already users mod_perl from scratch, existing scripts that use good perl programming practices should be able to drop in without any major gotchas, but there will always be a few.

      Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom