One thing I want to look at for 8.3 is improving custom variable
classes. Right now these are all user settable, which makes them quite
inappropriate for security related settings (such as which perl modules
to load for use by trusted plperl). I'm wondering if we should perhaps
allow something like:
custom_variable_classes = 'foo' foo:<security_level>.bar = 'blurfl'
and providing some mechanism whereby we could ascertain that the value
comes from a permitted source.
I know I am not the only person who has noticed that we are a bit
lacking in this area.
As far as plperl goes, I guess I could instead use a db table to store a
set of module names for plperl to load, but then I would have to do some
fairly comprehensive permission tests.
Another possibility would be to provide somewhere in the catalog to
store such info. per db might be nicer, though.
Thoughts?
cheers
andrew
