Hack #48. Control Access to Remote Objects
Enforce access control to your objects.
Perl's idea of access control and privacy is politeness. Sometimes this is useful—you don't have to spend a lot of time and energy figuring out what to hide and how. Sometimes you need to rifle through someone else's code to get your job done quickly.
Other times, security is more important than ease of coding—especially when you have to deal with the cold, hostile world at large. Though you may need to make your code accessible to the wilds of the Internet, you don't want to let just anyone do anything.
Modules and frameworks such as SOAP::Lite
make it easy to provide web service access to plain old Perl objects. Here's one way to make them somewhat safer.
The Hack
First, decide what kinds of operations you need to support on your object. Take a standard web-enabled inventory system. You need to fetch an item, insert an item, update an item, and delete an item. Then identify the types of access: creating, reading, writing, and deleting.
You could maintain a list in code or a configuration file somewhere mapping all the access controls to all the methods of the objects in your system. That would be silly, though; this is Perl! Instead, consider using a subroutine attribute [Hack #45].
package Proxy::AccessControl; use strict; use warnings; use Attribute::Handlers; my %perms; sub UNIVERSAL::perms { my ($package, $symbol, $referent, $attr, $data) = @_; my $method = *{ $symbol }{NAME}; for my $permission ...
Get Perl Hacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.