> > > What happens is that when I try to make a connection to my
> > > datasource, and the DBI code tries to "require" the appropriate Ruby
> > > database library, it gets an exception, saying this is an insecure
> > > operation.
> 
> Have you tried modifying RubySafeLevel in your Apache configuration? For
> example, if you say
> 
>   RubySafeLevel 0   # Probably unwise for production, but may be
>                     # a useful test
> 
> do the exceptions go away?

DO NOT DO THIS!!!  The safety level of mod_ruby is a good thing and
helps keep mod_ruby from getting lime light attention on BugTraq.

The problem isn't with mod_ruby, it's with DBI and the string that
you're using for your DSN.

Bad:   dbh = DBI.connect('dbi:pg:......')
Good:  dbh = DBI.connect('dbi:Pg:......')

The difference?  There was some bogus code that was committed to DBI
once upon a time that lets you be case insensitive when specifying
your DBD driver.  The way that it does this is by trying to require
'pg' and if it can't find 'pg', then it opens up the directory, reads
the files there, then requires a match.  The problem is though that
when reading from the directory under a safe level of 1, the directory
input is tainted.  I'll try and squeeze out a patch to have it
included in the next version of DBI, however, PLEASE, PLEASE, PLEASE
keep the safe level at 1 unless you absolutely know what you're doing
and then some.  -sc

-- 
Sean Chittenden