Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re: CGI::Session, taint mode, and tainted session file input data

by emazep (Priest)
on Apr 25, 2005 at 09:51 UTC ( [id://451131]=note: print w/replies, xml ) Need Help??


in reply to CGI::Session, taint mode, and tainted session file input data

That is, somehow untainting the session data string read from a file (or database record for that matter), before CGI::Session then uses thaw() to recreate the session hash?

If you get your session data from a db server (via DBI) you don't need to untaint them (unless you've set the TaintOut or Taint DBI attributes and you run your program in taint mode -- both these attributes default to off, even if perl is in taint mode).
Therefore switching from the file backend to a DBI backend (natively supported by CGI::Session for SQLite, MySQL and PostgreSQL) for your session data, can be a workaround (provided that you can trust your db of course).

Ciao,
Emanuele.

  • Comment on Re: CGI::Session, taint mode, and tainted session file input data

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://451131]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (9)
As of 2024-04-18 14:58 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found