http://qs321.pair.com?node_id=430525


in reply to lib::http - Using virtually a Perl library from the Internet with the HTTP protocol.

The problem with doing this is that now all somebody has to do to comprimise the system of everybody running this with the defaults is to break in to the sourceforge account, or otherwise modifiy the files there. Even worse, since you used a domain name, it's possible to use DNS posining to fake things, and point at another server completely.

It'd be nice if this did https, and had a parameter for easy checking of the server's Client-SSL-Cert-Subject and Client-SSL-Warning psuedoheaders.

Oh, and nitpick: "fisically" referrers to financials, "physically" is the opposite of "virtually".

Warning: Unless otherwise stated, code is untested. Do not use without understanding. Code is posted in the hopes it is useful, but without warranty. All copyrights are relinquished into the public domain unless otherwise stated. I am not an angel. I am capable of error, and err on a fairly regular basis. If I made a mistake, please let me know (such as by replying to this node).

  • Comment on Re: lib::http - Using virtually a Perl library from the Internet with the HTTP protocol.

Replies are listed 'Best First'.
Re^2: lib::http - Using virtually a Perl library from the Internet with the HTTP protocol.
by gmpassos (Priest) on Feb 13, 2005 at 17:11 UTC
    1st, we don't need to have a installed Perl in the Web Server, you can copy the perl Library of any Perl distributin of any OS and put in the server, and actually is what we do here.

    About the DNS, well, use the IP, and a HTTP access is used for almost any system in the internet, so, is not less secure than any other system.

    The SSL support can be a new resource in the future, but we can't forget that the idea is that lib::http need to be self contained, since only with lib::http loaded in the Perl interpreter we need to be able to active all the resource to load things from the internet, or will not make sence to already have a big Perl library installed locally, since what I really want is to not have any Perl Library installed, only the internet one.

    Graciliano M. P.
    "Creativity is the expression of liberty".

[reply]
Re^2: lib::http - Using virtually a Perl library from the Internet with the HTTP protocol.
by itub (Priest) on Feb 13, 2005 at 16:56 UTC
    I'd say "fisically" doesn't mean anything, but "fiscally" is related to financials. This kind of spelling mistake (physical --> fisical) is very common when your native language uses "f" instead of "ph" and "i" instead of "y". It's something deeply ingrained into one's consciousness; I still do it every once in a while when I get distracted.
[reply]

In Section Meditations