Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re: CGI::Session, taint mode, and tainted session file input data

by emazep (Priest)
on Apr 25, 2005 at 09:51 UTC ( #451131=note: print w/ replies, xml ) Need Help??


in reply to CGI::Session, taint mode, and tainted session file input data

That is, somehow untainting the session data string read from a file (or database record for that matter), before CGI::Session then uses thaw() to recreate the session hash?

If you get your session data from a db server (via DBI) you don't need to untaint them (unless you've set the TaintOut or Taint DBI attributes and you run your program in taint mode -- both these attributes default to off, even if perl is in taint mode).
Therefore switching from the file backend to a DBI backend (natively supported by CGI::Session for SQLite, MySQL and PostgreSQL) for your session data, can be a workaround (provided that you can trust your db of course).

Ciao,
Emanuele.


Comment on Re: CGI::Session, taint mode, and tainted session file input data

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://451131]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others surveying the Monastery: (11)
As of 2014-10-20 10:22 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (75 votes), past polls