[Cgi-session-user] FW: Taint problem with CGI::Session
From: Sherzod R. <she...@ha...> - 2006-08-23 10:57:58
-----Original Message-----
From: Sven Neuhaus [mailto:sv...@sv...]
Sent: Wednesday, August 23, 2006 3:44 AM
To: Sherzod Ruzmetov
Subject: Taint problem with CGI::Session

Hello Sherzod,

I found a problem with Taint mode, DBI connections with the TaintIn-flag set and CGI::Session.

In your module, in _init_new_session(), the function sticks $ENV{REMOTE_ADDR} into the database without untainting it first.

Could you change the module so it untaints this value? I guess you need a regex that covers both IPv4 and IPv6 to be on the safe side.

If you need assistance, please let me know.

Thanks,
-Sven Neuhaus
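
The untainting requested above, sketched as an added example that is not part of the original message and is not CGI::Session's own code: a value is untainted by a regex capture that restricts alphabet and length, then checked as an IPv4 or IPv6 literal with `inet_pton`. The helper name `untaint_ip` is hypothetical, the sample addresses are constructed, and the code assumes a Socket module that provides `inet_pton`.

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T untaint_ip.pl
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);
use Scalar::Util qw(tainted);

# untaint_ip() is a hypothetical helper, not part of CGI::Session.
# Returns an untainted copy of a valid IPv4/IPv6 literal, or undef.
sub untaint_ip {
    my ($addr) = @_;
    return unless defined $addr;

    # A regex capture is what clears the taint flag. The pattern only
    # limits alphabet and length (45 = longest textual IPv6 address).
    # \A and \z are used because $ would accept a trailing newline.
    my ($candidate) = $addr =~ /\A([0-9A-Fa-f:.]{2,45})\z/
        or return;

    # inet_pton() does the real syntax check; it returns undef for
    # anything that is not a well-formed address of that family.
    my $family = $candidate =~ /:/ ? AF_INET6 : AF_INET;
    return defined inet_pton($family, $candidate) ? $candidate : undef;
}

# Zero-length tainted string (tainted only under -T), used to taint the
# constructed samples the way $ENV{REMOTE_ADDR} is tainted in a CGI.
my $TAINT = substr($^X, 0, 0);

for my $sample ('192.0.2.17', '2001:db8::1', '::ffff:192.0.2.17',
                '999.1.1.1', "192.0.2.17\n", '192.0.2.17; junk') {
    my $raw = $sample . $TAINT;
    my $ip  = untaint_ip($raw);
    (my $shown = $sample) =~ s/\n/\\n/g;
    printf "%-20s tainted=%d -> %s\n", $shown, tainted($raw) ? 1 : 0,
        defined $ip
            ? 'accepted (tainted=' . (tainted($ip) ? 1 : 0) . ')'
            : 'rejected';
}
```

Addresses carrying a zone identifier (such as a `%eth0` suffix) are rejected by this helper; a caller would store the returned value, or a fixed fallback when it is undef, rather than the raw environment variable.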