You need to change your RubySafeLevel in your httpd.conf file. Here's my
modruby section:

# Enable mod_ruby
<IfModule mod_ruby.c>
  RubyRequire apache/ruby-run
  RubyRequire apache/ruby-debug
  RubyRequire apache/eruby-run
  RubyRequire apache/eruby-debug
  RubyRequire auto-reload
  RubyOutputMode sync
  RubySafeLevel 0
  <Files *.rhtml>
    SetHandler ruby-object
    RubyHandler Apache::ERubyDebug.instance
  </Files>
  <Files *.rb>
    SetHandler ruby-object
    RubyHandler Apache::RubyRun.instance
  </Files>
</IfModule>

-
Travis Whitton <whitton / atlantic.net>


In article <200210031922.48955.harryo / zip.com.au>, Harry Ohlsen wrote:
> I did a quick search on the ruby-talk archive, but to no avail, so here's my 
> question ...
> 
> I'm trying to use postgres in some code accessed through mod_ruby. However, 
> I'm having issues with "safe-ness" :-(.  I assume there's something obvious 
> I'm missing, but I just can't see it.
> 
> What happens is that when I try to make a connection to my datasource, and 
> the DBI code tries to "require" the appropriate Ruby database library, it gets 
> an exception, saying this is an insecure operation.
> 
> I had similar problems in other places, and just did an untaint on the 
> appropriate objects.  That's the kind of hacking I obviously want to minimise 
> in a web application.
> 
> In any case, I can't work out how to fix this one, since the string in the 
> require is hard-coded and I definitely don't want to hack the module.
> 
> It seems to me that this must be a common issue, since it would presumably 
> happen with any library one wished to use in mod_ruby code.
> 
> Thanks in advance,
> 
> Harry O.
> 
> 
> 


-- 
Bill Gates is a mean and selfish man and Microsoft reflects his inner poverty.