a little because it's not really one of my VALID run modes, but declaring it with $self->run_modes() means that if someone calls my app with rm=AUTOLOAD CGI::App thinks it's a valid run-mode.
If "someone" calls your run mode? Isn't the programmer the one who sets up the "rm=" URL or form query info? Aren't you the programmer? (Or aren't you someone who has contact with other programmers in your group? Or if not even that and it's just an issue of you worrying that your code might have widespread distribution that other people will build upon and other random anonymous programmers might incorrectly declare a rm=AUTOLOAD, then why would you care?)
Or maybe you're worried about users playing around with the ?rm=SOME_RUN_MODE tag in the URLs that you've given them to work with?
I've built a library that makes all my links, and it automatically includes an MD5 checksum generated with the concatination of all the other key/value pairs in the query string and a secret key. If the URL submitted doesn't HMAC properly against the checksum, I tell the user that they "did it wrong" and I delete their session. (I've contempled redirecting them to goatse.cx too, but I'd probably get in trouble for that. :-) )
I don't have this scheme implemented for POST queries and hidden form fields, but it's the next logical step, and probably not all that tough to do.
Or maybe I didn't understand your concern. :-) I focussed on the first paragraph, which seemed to be mainly a "what if someone cooks up their own run mode"? The rest of your email seemed to be "how can I keep my run modes from multiplying out of hand?"
Cheers,
Richard
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.