Use on a server

Note: As of v0.0.4 Geo::Index has moved to using XS for its C code and thus the commentary on this page no longer applies. The text below is applicable only to v0.0.3 and below. At some point in future this page will be removed.

Geo::Index uses compiled C code to accelerate certain functions. The C code is compiled using Inline::C with the compiled files, by default, written to a subdirectory of the calling script's working directory. In a server environment it may be desirable to lock down the script so that it cannot write to files; this would normally prevent Inline::C from functioning.

If you are running in a server environment and want to use the accelerated C functions but do not want to make your script's working directory writable then there are two options available:

• Pre-build the C code
  To do this log in to the server as yourself (or another user as appropriate) then cd to the script's working directory. Next, run the following command:

  perl -e "use Geo::Index;"
  

  The C code should automatically be compiled and stored in the _Inline subdirectory. Once this has been done, change permissions and/or ownership of the _Inline subdirectory and its contents to suit your liking. A simple chmod -w -R _Inline might suffice.

• Specify a build and library directory
  If you want to use the compiled C functions but don't want the build to be done in the current directory, you can specify an alternate build and library directory. The example below creates build and lib directories along with a config file in /tmp/. For your own scripts, change /tmp as appropriate for your environment. The following should appear near the top of your script:

  # Specify the build and library directory
  use Inline(Config => DIRECTORY => '/tmp');
  
  # Load the module
  use Geo::Index;
  

  An example of doing this can be found in examples/inline_c_directory.pl

  Important: The specified directory must exist and be writable before the script is run.
  Important: The lines MUST appear in the order shown.

  Further discussion of this method can be found in the Inline documentation.

Taint mode

If your program uses taint mode then you may encounter issues with this module's use of Inline::C. There are three possible solutions to this:

• Don't use taint mode
  This may not be an option for you but is mentioned for completeness. To disable taint mode remove the -T flag from your invocation of Perl. For example, use #!/usr/bin/perl instead of #!/usr/bin/perl -T

• Pre-build the C code
  This method is similar to that descibed earlier. When initially invoking Perl be sure to run perl SCRIPT.pl instead of perl -T SCRIPT.pl (where SCRIPT.pl is your program that normally runs under taint mode). Subsequent invocations should work fine with taint mode on.

• Allow Inline to untaint things
  This method is quite effective but could be a potential security risk. If asked, Inline will "blindly [untaint] fields in both %ENV and Inline objects" thus allowing Inline::C code to compile and run under taint mode. Needless to say if you are using taint mode in production you should think carefully before doing this. To activate this method, Geo::Index should be included in your Perl script as follows:

    use Inline(Config => DIRECTORY => '/tmp');
    use Inline(Config => ( ENABLE => 'UNTAINT', NO_UNTAINT_WARN => 1 ) );
    use Geo::Index;
  

  (Adjust /tmp to your liking.)

Further discussion on using taint mode and Inline can be found on these external pages:

• How do I use Inline with mod_perl? in the Inline::C Cookbook
• untaint in the Inline documentation
• Taint mode in the perlsec manpage
• How do I use taint mode? - A brief introduction