[CDBI] Re: how can I make data returned from CDBI methods be considered untainted?

Charlie Katz ckatz at cfa.harvard.edu
Mon Mar 5 16:16:42 GMT 2007


On Friday 02 March 2007 4:23 pm, Michael G Schwern wrote:
> Charlie Katz wrote:
>> In my mod_perl application, I trust the data CDBI is giving me
>> from my database (SQLite), so I would like it not to be considered
>> tainted. In my CDBI application base class, after setting up the
>> connection to the database, I say
>>
>>     __PACKAGE__->db_Main->{Taint} = 0
>
> This should have worked but it's unsafe.  Should CDBI need to reconnect it
> will set it back to the default.

Ah, that could easily explain why I'm still getting tainted data.

> You should be able to just do this:
>
>     # TaintOut was added in DBI 1.31 and it's safer than setting
>     # Taint => 0 as tainted input is still unacceptable.
>     Your::CDBI->connection($dsn, $user, $pass, { TaintOut => 1 });

Makes sense; I'll do that and see if it solves the problem.  Thanks for the 
help.  I'm finding CDBI remarkably easy to use, but as a DBI novice I have 
lots of details still to learn (which makes it a lot of fun).

Charlie

-- 
Charlie Katz
Harvard-Smithsonian Center for Astrophysics
ckatz at cfa.harvard.edu
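
An added example, not part of the original message or of Class::DBI: a plain-DBI probe that reports, for each combination of the TaintIn and TaintOut connection attributes discussed above, whether fetched data comes back tainted and whether a tainted bind value is accepted. It assumes DBD::SQLite is installed and uses a constructed in-memory table; the `probe` helper and the `users` table are hypothetical names.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T taint_probe.pl (taint checks need -T).
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

# Constructed stand-in for untrusted input: under -T, $0 and $^X are
# tainted, and concatenating a zero-length slice of them taints the result.
my $untrusted = 'alice' . substr("$0$^X", 0, 0);
die "not running in taint mode; use perl -T\n" unless tainted($untrusted);

# Connect with the given attributes and report both taint directions.
sub probe {
    my (%attr) = @_;
    my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
        { RaiseError => 1, PrintError => 0, %attr });
    $dbh->do('CREATE TABLE users (name TEXT)');
    $dbh->do(q{INSERT INTO users (name) VALUES ('alice')});

    # Output side: is a fetched column value marked tainted?
    my $sth = $dbh->prepare('SELECT name FROM users');
    $sth->execute;
    my ($name) = $sth->fetchrow_array;
    $sth->finish;
    my $out = tainted($name) ? 'tainted' : 'clean';

    # Input side: does DBI refuse a tainted bind value?
    my $ok = eval {
        $dbh->selectrow_array(
            'SELECT count(*) FROM users WHERE name = ?', undef, $untrusted);
        1;
    };
    $dbh->disconnect;
    return ($out, $ok ? 'accepted' : 'rejected');
}

for my $attr ({ TaintIn => 1, TaintOut => 0 },
              { TaintIn => 1, TaintOut => 1 },
              { TaintIn => 0, TaintOut => 0 }) {
    my $label = join ', ', map { "$_ => $attr->{$_}" } sort keys %$attr;
    my ($out, $in) = probe(%$attr);
    printf "%-28s fetched data: %-8s tainted bind value: %s\n",
        $label, $out, $in;
}
```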


