I want to build a sandbox environment for the plugins but where they can only play with the toys I give them :). Eval allows any and all code to be executed (provided its valid Perl of course) but Safe appears not to. I intend to follow the standard approach of 'what is not permitted is automatically denied'.

I agree that Safe is the answer hence my original question.

I have already started to lock down the environment to prevent clobbering by using 'tie' to control access to the hash. I have done this by appropriate use of STORE() and caller().

Now that I have had longer to think about it and try some code out, my wants list for features is something like:

1. Allow controlled access to the environment (WIP)
2. Remove access to anything dangerous (well... as much as possible at least)
3. Providing as much API code as possible to make the developers life easier :P
4. Allow plugins to be chained (etc etc etc).

If I can get this framework right then hopefully I can reapply it to many of my other projects too. Not just a content management system.

---

---

• Are you posting in the right place? Check out Where do I post X? to know for sure.
• Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:

  <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>

• Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
• Want more info? How to link or How to display code and escape characters are good places to start.