Results 1 to 4 of 4
  1. #1
    Join Date
    Sep 2000
    Posts
    514

    Question

    The info I got from Alabanza says this about what comes pre installed with the server

    "*We CANNOT add mod_perl for security reasons."

    I am no apache/perl guru so I need to know what mod_perl is used for and what security holes they are speaking of.

    For them to specifically state this there must be alot of people who ask for it and I have heard of it many times.

  2. #2
    There are certain ownership issues attached to using mod_perl, specifically dealing with mod_perl directly executing code. This is the security problem, and why mod_perl is not typically offered by virtual hosting companies (but dedicated customers - one site on a server - quite frequently install it, as they are the only ones utilizing server resources anyway). For more information, take a look at the FAQ here:
    http://www.ping.de/~fdc/mod_perl/


    Annette
    Hosting Matters, Inc.
    Superior service. Sensible price.

  3. #3
    Jeremy,

    Techie version: mod_perl is a Perl module that enables you to embed a Perl interpreter within the Apache web server. Embedding the interpreter allows you to write Apache handlers or modules entirely in Perl. You can even configure the server using Perl code. And all existing modules on CPAN (or elsewhere) are available to you during this process.

    English version: mod_perl speeds up CGI scripts and other Perl programs by negating the need for a seperate Perl interpreter. Normally when a website visitor runs a Perl program the request is sent to the server, then from the server to the Perl interpreter, the interpreter compiles the Perl code and runs it, then sends the result back to the server, from where it is sent back to the visitor. Using mod_perl the request simply goes visitor > server > visitor. mod_perl also caches compiled code which can save on server overhead as well as giving marked speed increases.

    The security implications are fairly obvious - the server is opened up to direct attacks from within Perl code, attacks from which it is normally shielded (at least to a degree) by the interpreter. It is also at the mercy of sloppy coding, syntax errors, etc etc.

    The final nail in the coffin is that mod_perl enabled Apache servers have massive memory demands - anywhere from 5-20x the memory demand of a server running Apache on its own.

    Hope this helps,
    Speedie.
    What would happen in a world without hypothetical questions?

  4. #4
    Rats - that Annette just types too darn fast

    Speedie
    What would happen in a world without hypothetical questions?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •