perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Doug MacEachern <do...@pobox.com>
Subject Re: Clearing the PAD between executions.
Date Wed, 01 Mar 2000 06:18:54 GMT
On Wed, 16 Feb 2000 shane@isupportlive.com wrote:
> 
> Well... essentially the information is still inside the PAD the next
> go round.  So if you don't change the value before trying to access it
> you might give session data to the next caller of the program by
> accident.  This is a security risk, but can be over repaired by
> designing better perl of course :).

but the only way this happens from Perl code is with the nested sub
problem.  e.g. in a Registry script:

my $foo;
sub handler {
    $foo = ...;
    print $foo; #will always be the value it was first assigned
}

vs.

sub handler {
    my $foo = ...;
    print $foo; #won't ever see an old value here, 
                #even though it can be dug out of the pad list via xs
}

is this what you're trying to fix?  or have you found another problem?
 
> Well..., I'll include a mini description here, if you want more info
> just email me personally and I'll go through the whole thing from
> start to finish.  Since I know that your very familiar with the
> internals of perl, I'll be doing this fairly technically, so if anyone
> out there wants a less technical explanation, just say so.

wow, phttpd and mato_perl sounds really cool!!  I'd really like to absorb
what you've said here and learn more about the project.  with mod_perl-2.0
about to start, and your code being young, it would be great if we could
design a core library that could be shared by both.  probably wishful
thinking, but I certainly will keep it mind :)


Mime
View raw message