[Cgi-session-user] CGI::Session driver:File - tainted session data?
From: Thomas L. S. <tsh...@io...> - 2005-09-04 04:53:20
I am having problems with tainted session data, using CGI::Session 3.95 and "driver:File". I am putting together another session module for Catalyst, and want to verify that it works under 3.95 before installing 4.0x.

Using "driver:MySQL" I have no problems. After switching the DSN to "driver:File" I blow up the first time I try to use a value from retrieved session data in a 'sensitive' way. Note that this is the same code - I'm only changing the DSN.

So I'm left to wonder:

- is session data from 3.95 File always tainted?
- is session data from 3.95 MySQL _not_ tainted?
- is there a 'nice' way to untaint a whole session data ref?
- and will 4.0x act any differently?

Other details you might ask are: DBI 1.46, DBD::mysql 2.9004, MySQL 3.23.54, Redhat Linux 7.2 (yes, I hang on to old things ;)

--
I'm a pessimist about probabilities; I'm an optimist about possibilities.
Lewis Mumford (1895-1990)