It's fairly trivial to write a Perl script to perform a specific task as a CGI if you're an experienced Perl programmer. So why bother learning how to use a specific module to perform a task if you can hack up something offhand? The risks of doing this probably are in proportion to the experience of the scriptor and his/her familiarity with the CGI-related risks, but in the long run, the added value of learning and using the appropriate module will definitely outweigh the bother of learning to use it. Hopefully, this will become evident to you as you read this tutorial.
Safe module is relatively new to Perl5 but is already part of the default distribution. It provides you with the capability to create a "compartment" where only certain Perl operations can be executed. If a script attempts to execute an operation that is disallowed or hasn't been specifically allowed, the operation will be trapped, and the error will be found in
$@, just as with
eval(), looking something like
open trapped by operation mask
to indicate that the
open() operator is not allowed within the compartment.
You might use the
Safe module to create a compartment where the script can never execute a command that causes the UNIX shell to be invoked, for instance, by masking out the opcodes that correspond to
glob(). Masking these oper- ations is the default when creating a new
Safe module, as of Perl5.003, uses the
Opcode module to set up its compartment and the masks for each of the opcodes that are considered unsafe in the typical insecure environment. The
Opcode module relies on the fact that Perl code is compiled into an internal format before it is executed. Within this compiled internal format, is of the operations Perl can execute is reduced to a numerical value. If a mask has been put in place for any given operation's opcode, for instance,
open(), the compilation will fail if the
open() statement is found anywhere in the Perl code. The
Opcode module is not usually used directly but should be understood by those who will be setting up