Loading ...
Sorry, an error occurred while loading the content.

Re: [soaplite] use doesn't work

Expand Messages
  • Paul Kulchenko
    Hi, Pedro! ... No, you don t need to copy them or do anything like that. You have at least two options. First, you can always add use ... in server script
    Message 1 of 6 , Jun 26, 2001
    • 0 Attachment
      Hi, Pedro!

      > I know that for security reasons SOAP::Lite ignores @INC, and
      > modules should
      > instead be in a directory mentioned in a call to dispatch_to().
      > My question is, what if my module need to use standard Perl modules
      > (typically found in /usr/lib/perl5)? Do I have to copy them too?
      > What if they in turn use other packages?
      No, you don't need to copy them or do anything like that. You have at
      least two options. First, you can always add 'use ...' in server
      script itself:

      use MyModule;
      use SOAP::Transport::HTTP;
      ......

      then during 'use ...' @INC will be available.

      Alternatively you can use mixed dispatch, when you specify both
      directory AND module name:

      ->dispatch_to('/my/path/to/MyModule', 'MyModule');

      Generally, @INC is disabled ONLY if module is loaded from dinamic
      path AND DO NOT specified explicitely.

      You may check SECURITY section
      (http://perldoc.anidea.com/SOAP/Lite.html#security) and SERVICE
      DEPLOYMENT. STATIC AND DYNAMIC section from SOAP::Lite doc.

      Best wishes, Paul.

      --- Pedro Proen´┐Ża <pmstp@...> wrote:
      > I know that for security reasons SOAP::Lite ignores @INC, and
      > modules should
      > instead be in a directory mentioned in a call to dispatch_to().
      > My question is, what if my module need to use standard Perl modules
      > (typically found in /usr/lib/perl5)? Do I have to copy them too?
      > What if they in turn use other packages?
      >
      > TIA
      > _________________________________________________________________
      > Get your FREE download of MSN Explorer at http://explorer.msn.com
      >
      >
      > To unsubscribe from this group, send an email to:
      > soaplite-unsubscribe@yahoogroups.com
      >
      >
      >
      > Your use of Yahoo! Groups is subject to
      > http://docs.yahoo.com/info/terms/
      >
      >


      __________________________________________________
      Do You Yahoo!?
      Get personalized email addresses from Yahoo! Mail
      http://personal.mail.yahoo.com/
    • Paul Kulchenko
      Hi, Steve! You advice is valid, however I would rather specify more strict mask than just [ w:]+ . Otherwise you ll open access to ALL modules (and not only
      Message 2 of 6 , Jun 26, 2001
      • 0 Attachment
        Hi, Steve!

        You advice is valid, however I would rather specify more strict mask
        than just '[\w:]+'. Otherwise you'll open access to ALL modules (and
        not only in '/opt/lib/soap' directory, but also in @INC) which might
        be not what you want. I was thinking about providing a function that
        will read specified directory and return list of modules in that
        directory to you (emulate Mixed dispatch without specifying it
        manually), but the code is not very portable and the whole idea is
        ugly, so I just dropped it.

        Any way, Pedro, you can follow this advice also, just be careful do
        not give access to your core modules without control.

        Best wishes, Paul.

        --- Steve McKay <smckay@...> wrote:
        > Pedro,
        >
        > In your server you can do something like:
        >
        > my $daemon = SOAP::Transport::HTTP::Daemon
        > -> new (LocalAddr => '127.0.0.1',
        > LocalPort => "5000",
        > Reuse => 1)
        > -> on_action(sub { foreach (@_) { print "$_[1] $_[2]\n"; }})
        > #Use regex so we can 'use' other libraries in our modules
        > ->dispatch_to('/opt/lib/soap','[\w:]+');
        >
        > print "SOAP server running on ".$daemon->url."\n";
        > $daemon->handle;
        >
        >
        >
        > Where /opt/lib/soap is where all of your perl modules live that you
        >
        > would want to call from the soap server.
        >
        >
        > Steve McKay.
        >
        >
        >
        > Pedro Proena wrote:
        >
        > >Hi all,
        > >
        > >I know that for security reasons SOAP::Lite ignores @INC, and
        > modules should
        > >instead be in a directory mentioned in a call to dispatch_to().
        > >My question is, what if my module need to use standard Perl
        > modules
        > >(typically found in /usr/lib/perl5)? Do I have to copy them too?
        > What if
        > >they in turn use other packages?
        > >
        > >TIA
        > >_________________________________________________________________
        > >Get your FREE download of MSN Explorer at http://explorer.msn.com
        > >
        > >
        > >To unsubscribe from this group, send an email to:
        > >soaplite-unsubscribe@yahoogroups.com
        > >
        > >
        > >
        > >Your use of Yahoo! Groups is subject to
        > http://docs.yahoo.com/info/terms/
        > >
        >
        >
        >
        > To unsubscribe from this group, send an email to:
        > soaplite-unsubscribe@yahoogroups.com
        >
        >
        >
        > Your use of Yahoo! Groups is subject to
        > http://docs.yahoo.com/info/terms/
        >
        >


        __________________________________________________
        Do You Yahoo!?
        Get personalized email addresses from Yahoo! Mail
        http://personal.mail.yahoo.com/
      • Steve McKay
        Paul, You are correct. The following would be a little more secure: - dispatch_to( /opt/lib/soap/[ w:]+ ); this way the soap server will only look for modules
        Message 3 of 6 , Jun 26, 2001
        • 0 Attachment
          Paul,

          You are correct. The following would be a little more secure:

          ->dispatch_to('/opt/lib/soap/[\w:]+');

          this way the soap server will only look for modules in the /opt/lib/soap
          directory, but those modules can still 'use' other modules.

          Steve McKay.


          Paul Kulchenko wrote:

          >Hi, Steve!
          >
          >You advice is valid, however I would rather specify more strict mask
          >than just '[\w:]+'. Otherwise you'll open access to ALL modules (and
          >not only in '/opt/lib/soap' directory, but also in @INC) which might
          >be not what you want. I was thinking about providing a function that
          >will read specified directory and return list of modules in that
          >directory to you (emulate Mixed dispatch without specifying it
          >manually), but the code is not very portable and the whole idea is
          >ugly, so I just dropped it.
          >
          >Any way, Pedro, you can follow this advice also, just be careful do
          >not give access to your core modules without control.
          >
          >Best wishes, Paul.
          >
          >--- Steve McKay <smckay@...> wrote:
          >
          >>Pedro,
          >>
          >>In your server you can do something like:
          >>
          >>my $daemon = SOAP::Transport::HTTP::Daemon
          >> -> new (LocalAddr => '127.0.0.1',
          >> LocalPort => "5000",
          >> Reuse => 1)
          >> -> on_action(sub { foreach (@_) { print "$_[1] $_[2]\n"; }})
          >> #Use regex so we can 'use' other libraries in our modules
          >> ->dispatch_to('/opt/lib/soap','[\w:]+');
          >>
          >>print "SOAP server running on ".$daemon->url."\n";
          >>$daemon->handle;
          >>
          >>
          >>
          >>Where /opt/lib/soap is where all of your perl modules live that you
          >>
          >>would want to call from the soap server.
          >>
          >>
          >>Steve McKay.
          >>
          >>
          >>
          >>Pedro Proena wrote:
          >>
          >>>Hi all,
          >>>
          >>>I know that for security reasons SOAP::Lite ignores @INC, and
          >>>
          >>modules should
          >>
          >>>instead be in a directory mentioned in a call to dispatch_to().
          >>>My question is, what if my module need to use standard Perl
          >>>
          >>modules
          >>
          >>>(typically found in /usr/lib/perl5)? Do I have to copy them too?
          >>>
          >>What if
          >>
          >>>they in turn use other packages?
          >>>
          >>>TIA
          >>>_________________________________________________________________
          >>>Get your FREE download of MSN Explorer at http://explorer.msn.com
          >>>
          >>>
          >>>To unsubscribe from this group, send an email to:
          >>>soaplite-unsubscribe@yahoogroups.com
          >>>
          >>>
          >>>
          >>>Your use of Yahoo! Groups is subject to
          >>>
          >>http://docs.yahoo.com/info/terms/
          >>
          >>
          >>
          >>To unsubscribe from this group, send an email to:
          >>soaplite-unsubscribe@yahoogroups.com
          >>
          >>
          >>
          >>Your use of Yahoo! Groups is subject to
          >>http://docs.yahoo.com/info/terms/
          >>
          >>
          >
          >
          >__________________________________________________
          >Do You Yahoo!?
          >Get personalized email addresses from Yahoo! Mail
          >http://personal.mail.yahoo.com/
          >
          >To unsubscribe from this group, send an email to:
          >soaplite-unsubscribe@yahoogroups.com
          >
          >
          >
          >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
          >
        • Paul Kulchenko
          Hi, Steve! ... Hm, I ll try, but I m not sure it ll work. At least I didn t plan it ... disabled, unless module::method combination matches something in your
          Message 4 of 6 , Jun 26, 2001
          • 0 Attachment
            Hi, Steve!

            > You are correct. The following would be a little more secure:
            >
            > ->dispatch_to('/opt/lib/soap/[\w:]+');
            Hm, I'll try, but I'm not sure it'll work. At least I didn't plan it
            :). Directories will be added to @INC 'as is' and @INC itself will be
            disabled, unless module::method combination matches something in your
            dispatch_to() parameters. That's the basic logic.

            Best wishes, Paul.

            --- Steve McKay <smckay@...> wrote:
            > Paul,
            >
            > You are correct. The following would be a little more secure:
            >
            > ->dispatch_to('/opt/lib/soap/[\w:]+');
            >
            > this way the soap server will only look for modules in the
            > /opt/lib/soap
            > directory, but those modules can still 'use' other modules.
            >
            > Steve McKay.
            >
            >
            > Paul Kulchenko wrote:
            >
            > >Hi, Steve!
            > >
            > >You advice is valid, however I would rather specify more strict
            > mask
            > >than just '[\w:]+'. Otherwise you'll open access to ALL modules
            > (and
            > >not only in '/opt/lib/soap' directory, but also in @INC) which
            > might
            > >be not what you want. I was thinking about providing a function
            > that
            > >will read specified directory and return list of modules in that
            > >directory to you (emulate Mixed dispatch without specifying it
            > >manually), but the code is not very portable and the whole idea is
            > >ugly, so I just dropped it.
            > >
            > >Any way, Pedro, you can follow this advice also, just be careful
            > do
            > >not give access to your core modules without control.
            > >
            > >Best wishes, Paul.
            > >
            > >--- Steve McKay <smckay@...> wrote:
            > >
            > >>Pedro,
            > >>
            > >>In your server you can do something like:
            > >>
            > >>my $daemon = SOAP::Transport::HTTP::Daemon
            > >> -> new (LocalAddr => '127.0.0.1',
            > >> LocalPort => "5000",
            > >> Reuse => 1)
            > >> -> on_action(sub { foreach (@_) { print "$_[1] $_[2]\n";
            > }})
            > >> #Use regex so we can 'use' other libraries in our modules
            > >> ->dispatch_to('/opt/lib/soap','[\w:]+');
            > >>
            > >>print "SOAP server running on ".$daemon->url."\n";
            > >>$daemon->handle;
            > >>
            > >>
            > >>
            > >>Where /opt/lib/soap is where all of your perl modules live that
            > you
            > >>
            > >>would want to call from the soap server.
            > >>
            > >>
            > >>Steve McKay.
            > >>
            > >>
            > >>
            > >>Pedro Proena wrote:
            > >>
            > >>>Hi all,
            > >>>
            > >>>I know that for security reasons SOAP::Lite ignores @INC, and
            > >>>
            > >>modules should
            > >>
            > >>>instead be in a directory mentioned in a call to dispatch_to().
            > >>>My question is, what if my module need to use standard Perl
            > >>>
            > >>modules
            > >>
            > >>>(typically found in /usr/lib/perl5)? Do I have to copy them
            > too?
            > >>>
            > >>What if
            > >>
            > >>>they in turn use other packages?
            > >>>
            > >>>TIA
            >
            >>>_________________________________________________________________
            > >>>Get your FREE download of MSN Explorer at
            > http://explorer.msn.com
            > >>>
            > >>>
            > >>>To unsubscribe from this group, send an email to:
            > >>>soaplite-unsubscribe@yahoogroups.com
            > >>>
            > >>>
            > >>>
            > >>>Your use of Yahoo! Groups is subject to
            > >>>
            > >>http://docs.yahoo.com/info/terms/
            > >>
            > >>
            > >>
            > >>To unsubscribe from this group, send an email to:
            > >>soaplite-unsubscribe@yahoogroups.com
            > >>
            > >>
            > >>
            > >>Your use of Yahoo! Groups is subject to
            > >>http://docs.yahoo.com/info/terms/
            > >>
            > >>
            > >
            > >
            > >__________________________________________________
            > >Do You Yahoo!?
            > >Get personalized email addresses from Yahoo! Mail
            > >http://personal.mail.yahoo.com/
            > >
            > >To unsubscribe from this group, send an email to:
            > >soaplite-unsubscribe@yahoogroups.com
            > >
            > >
            > >
            > >Your use of Yahoo! Groups is subject to
            > http://docs.yahoo.com/info/terms/
            > >
            >
            >
            >
            > To unsubscribe from this group, send an email to:
            > soaplite-unsubscribe@yahoogroups.com
            >
            >
            >
            > Your use of Yahoo! Groups is subject to
            > http://docs.yahoo.com/info/terms/
            >
            >


            __________________________________________________
            Do You Yahoo!?
            Get personalized email addresses from Yahoo! Mail
            http://personal.mail.yahoo.com/
          Your message has been successfully submitted and would be delivered to recipients shortly.