in reply to Re^2: wget alternative
in thread wget alternative

Thanks!

Beings that the script is being hosted on servers that don't belong to me, is it really ethically okay to execute the updates either by replacing modules or include()-ing them?

They'd be eval{ }-ed and it'd only do so when prompted, so it's not a matter of CAN I, but more of a SHOULD I allow Perl to execute code from an external source?

Replies are listed 'Best First'.
Re^4: wget alternative
by ww (Archbishop) on Jul 15, 2011 at 11:25 UTC
    Not if you're using the system Perl and system libs!

    If you want to twiddle modules for yourself, that's one thing; but messing with the tools used by others on "servers that don't belong to (you)" is waaaay wrong. And the scenario outlined in your initial post (at least as I understand it) means you plan to allow users -- without limits -- to modify an executable script... which is sort of a wee, small security problem.

    Perhaps you should tell us what you're really trying to accomplish, on the chance that some Monk can offer a better approach.

[reply]

      Perhaps that'd be a good idea :)

      Basically, its a small custom web content management system. The idea is to allow "easy" download and installation of updates and modules -- in Click-To-Run fashion. Mainly because my users aren't very savvy.

      But, I'm thinking that the risks outweigh the benefits.

[reply]
        Hugely. If someone does manage to break in, then you've handed them a nice mechanism for downloading and installing stuff too. Better to work out a maintenance agreement with your users, if there aren't too many, or set things up so they can specifically download and reinstall on their own hook (WordPress-style).
[reply]

In Section Seekers of Perl Wisdom