> > > What happens is that when I try to make a connection to my > > > datasource, and the DBI code tries to "require" the appropriate Ruby > > > database library, it gets an exception, saying this is an insecure > > > operation. > > Have you tried modifying RubySafeLevel in your Apache configuration? For > example, if you say > > RubySafeLevel 0 # Probably unwise for production, but may be > # a useful test > > do the exceptions go away? DO NOT DO THIS!!! The safety level of mod_ruby is a good thing and helps keep mod_ruby from getting lime light attention on BugTraq. The problem isn't with mod_ruby, it's with DBI and the string that you're using for your DSN. Bad: dbh = DBI.connect('dbi:pg:......') Good: dbh = DBI.connect('dbi:Pg:......') The difference? There was some bogus code that was committed to DBI once upon a time that lets you be case insensitive when specifying your DBD driver. The way that it does this is by trying to require 'pg' and if it can't find 'pg', then it opens up the directory, reads the files there, then requires a match. The problem is though that when reading from the directory under a safe level of 1, the directory input is tainted. I'll try and squeeze out a patch to have it included in the next version of DBI, however, PLEASE, PLEASE, PLEASE keep the safe level at 1 unless you absolutely know what you're doing and then some. -sc -- Sean Chittenden