I actually have some ideas:
(Apache was a bad example. Sendmail would probably be a better model.)
o Scripts are only executable if listed in 'perl.cf'
o Web/CGI scripts are listed in 'cgi.cf'
o Other specific conditionals(?):
o Execute if $ENV{REMOTE_USER}/$user is defined/valid
o allow only select to tables xxx
o allow only update/add to tables xxx
o no spawns or conditional
o no system or conditional
o no evals or conditional
o filename write filtering (no .cgi, .pl, .sh, .tcl, ...)
o always strict or conditional
That's just while I was in the shower. I'm sure I can come up with more, but I
have a donut and hot chocolate with my name on it. I'm also wondering if we can
steal some stuff from the Java Model.
Grant M.
P.S.> I understand that some of this can be done in the OS, but why should Perl
be dependent on the OS.
