PerlMonks  

Re: CGI::Session, taint mode, and tainted session file input data

by emazep (Priest)
on Apr 25, 2005 at 09:51 UTC (#451131=note)


in reply to CGI::Session, taint mode, and tainted session file input data

That is, somehow untainting the session data string read from a file (or database record for that matter), before CGI::Session then uses thaw() to recreate the session hash?

If you get your session data from a db server (via DBI) you don't need to untaint them (unless you've set the TaintOut or Taint DBI attributes and you run your program in taint mode -- both these attributes default to off, even if perl is in taint mode).
Therefore switching from the file backend to a DBI backend (natively supported by CGI::Session for SQLite, MySQL and PostgreSQL) for your session data can be a workaround (provided that you can trust your db, of course).

Ciao,
Emanuele.
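As an added illustration of the point above (this is example code, not part of emazep's reply or of CGI::Session's own distribution): under `perl -T`, values fetched through a DBI handle are untainted unless the `TaintOut`/`Taint` attributes are switched on, so a CGI::Session sqlite driver fed a plain DBI handle can thaw its session record without tripping taint checks. The script assumes DBD::SQLite, CGI::Session 4.x and Scalar::Util are installed; the in-memory database, the `sessions` table layout (the one CGI::Session's DBI drivers expect by default) and the row it inserts are constructed for the demonstration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_session_demo.pl
use strict;
use warnings;
use DBI;
use CGI::Session;
use Scalar::Util qw(tainted);

# Constructed example store: an in-memory SQLite database with the
# table layout CGI::Session's DBI drivers use by default.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE sessions (id CHAR(32) NOT NULL PRIMARY KEY, a_session TEXT NOT NULL)");

# A row written by hand, standing in for a record left by an earlier request.
$dbh->do("INSERT INTO sessions (id, a_session) VALUES (?, ?)",
         undef, 'constructed-session-id', 'constructed-session-blob');

sub fetch_blob {
    my ($h) = @_;
    my ($blob) = $h->selectrow_array(
        "SELECT a_session FROM sessions WHERE id = ?", undef, 'constructed-session-id');
    return $blob;
}

# 1. DBI's Taint attributes default to off, so even under -T the value
#    read from the database is not tainted.
my $blob = fetch_blob($dbh);
printf "default DBI handle: fetched value tainted? %s\n", tainted($blob) ? "yes" : "no";

# 2. Turning TaintOut on marks everything fetched afterwards as tainted,
#    which is the behaviour the reply warns about.
$dbh->{TaintOut} = 1;
$blob = fetch_blob($dbh);
printf "TaintOut => 1:      fetched value tainted? %s\n", tainted($blob) ? "yes" : "no";
$dbh->{TaintOut} = 0;

# 3. CGI::Session round-trip through the same handle: create a session,
#    store a value, flush it, then load it back by id in a fresh object.
my $session = CGI::Session->new("driver:sqlite", undef, { Handle => $dbh })
    or die CGI::Session->errstr;
$session->param(user => 'constructed-user');
$session->flush;
my $sid = $session->id;

my $again = CGI::Session->load("driver:sqlite", $sid, { Handle => $dbh })
    or die CGI::Session->errstr;
printf "reloaded session %s: user=%s, tainted? %s\n",
    $sid, $again->param('user'), tainted($again->param('user')) ? "yes" : "no";
```

The default-off behaviour is what makes the DBI backend a workaround rather than a fix: the data is untainted because DBI chose not to mark it, not because it was validated, which is why the reply's "provided that you can trust your db" caveat matters. Setting `TaintOut` (or `Taint`) on the handle restores the stricter behaviour if the database itself is not trusted.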

