&fml8; checks the input by regular expression FML::Restriction class provides. Restrictions for article are ambiguous or too restrictive. In fact FML::Restriction class does not provide restriction rules for article posting. Instead FML::Filter filter system checks each line of content. FML::Process::Command class parses each line of the command mail and checks the input by regular expressions FML::Restriction::Command provides. If the check is passed, &fml8; calls FML::Command::{User,Admin}::COMMAND at the next step. CGI programs can receive the input from HTTP via only safe_param_XXX() method. It is expected that safe_param_*() and try_cgi_*() returns the safe value. These safe_param_XXX() functions checks the input by regular expressions FML::Restriction::CGI provides (FML::Restriction::CGI inherits FML::Restriction::Base). CUI runs on the shell. It means he/she who runs CUI has priviledge to log in the mailing list server. So it does not check the input. Each module checks the input independetly in that case though no checks by FML::Restriction at the entrance. For example, "adduser" module checks whether the input address is valid or not even in the case of CUI. These restrictions are dependent command specific modules. These are applied even in the case of CUI. ACLs for the input data and commands are found at FML::Restriction class. For example, CGI modules use FML::Restriction::CGI class to check if the input data matches the proper regular expression. Though FML::Restriction inherits FML::Restriction::Base class, fundamentally each module should use FML::Restriction as object composition. For example, use in the following way: use FML::Restriction::CGI; $safe = new FML::Restriction::CGI; my $allowed_regexp = $safe->param_regexp(); if ($value =~ /^$allowed_regexp{$key}$) { ... ok, do something ... ;} CGI checks the input data by using FML::Restriction::CGI class. The input should be restricted by FML::Restriction class. We should not use param() method provided by perl's CGI class. Instead use safe_param_xxx() method always to get value. The following use may be allowed for my $dirty_buf (param()) { ... check ... } but we should not use raw param() call. param($dirtty_buf) Instead, use safe_param_key(). for my $key (param()) { ... check ... if (key eq $key) { value = safe_param_key() } } FML::Restriction class allows a subset of RFC defined expression. RRC definition is too large. It is too difficult to implement it ;-) We restrict the expression a little. FML::Restriction::Command may be more granular but more granular version is not implemented.