A few months back my server installed the LWP and other perl modules for my use as a few scripts including Links required them. However, they have decided to remove them as they have security concerns regarding the modules. Apparently they pose a risk from outside parties (including bots) exploiting them.

Feedback?

Dan

What do they mean by 'outside parties'? People on the internet? Bots on te internet? They shouldn't have access to the system's perl, let alone LWP module. The only one with access to the module should be their own customers with valid accounts.

That said, it does allow their customers to create potentially damaging, and more resource intensive programs. For instance, one client had a zip file requested 80,000 times in under 12 hours, resulting in 52GB of bandwidth being used! It was just an automated LWP script.

That said, you can do almost all the same things with Socket module, however it is less portable and more work.

Hope that helps,

Alex

Not to mention the fact that a person can create a rather offensive spidering program that not only has a tendancy to overload external web servers, but if carefully constructed could be made to attempt denial of service attacks. Not a good thing for an ISP, especially since it would look like the denial of service was coming from them.


------------------
Fred Hirsch
Web Consultant & Programmer