You might have a look at
http://www.perlfoundation.org/perl5/index.cgi?form_processing - you'll
find there the most popular parameter validation modules.  By the way,
if you use SQL queries with placeholders, you don't need to fear SQL
injection attacks.

Cheers,
Zbyszek

On Dec 13, 2007 9:21 PM, Mesdaq, Ali <[EMAIL PROTECTED]> wrote:
> Anyone have some suggestions or references to good modules or best
> practices in this regard? This is mainly in regards to using these
> inputs in SQL queries or other areas where common attacks against web
> applications happen. I wonder in the Catalyst world what best practices
> are. Would it be a Catalyst plugin that would best fit that role or a
> module that gets used in the controller possibly maybe just some code in
> the model? It just feels like it's one of those things that has been
> solved by someone else way better than I would have done it and I am
> just not aware of it. Kinda like when I wrote my own logging module
> because at the time I didn't find a good one then I stumble across
> log4perl and realize how badly I wasted my time!
>
> Thanks,
> ------------------------------------------
> Ali Mesdaq (CISSP, GIAC-GREM)
> Security Researcher II
> Websense Security Labs
> http://www.WebsenseSecurityLabs.com
> ------------------------------------------
>
>
> _______________________________________________
> List: Catalyst@lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/[EMAIL PROTECTED]/
> Dev site: http://dev.catalyst.perl.org/
>



-- 
Zbigniew Lukasiak
http://brudnopis.blogspot.com/
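
The placeholder approach mentioned in the reply above, as an added example that is not part of the original thread. It uses DBI with an in-memory SQLite database (DBD::SQLite is assumed to be installed); the `users` table and the helpers `find_by_name` and `list_users` are hypothetical names. It goes one step beyond the reply by also covering identifiers such as a sort column, which placeholders cannot bind and which are therefore checked against an allow-list.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# Constructed in-memory table; DBD::SQLite is an assumption of this example.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$dbh->do('INSERT INTO users (name, role) VALUES (?, ?)', undef, @$_)
    for ['alice', 'admin'], ['bob', 'user'];

# The value is bound through a placeholder, so quotes in $name stay data
# and never become part of the SQL text.
sub find_by_name {
    my ($name) = @_;
    return $dbh->selectall_arrayref(
        'SELECT id, name, role FROM users WHERE name = ?',
        { Slice => {} }, $name);
}

# Placeholders bind values only, not column names or sort direction,
# so identifiers are picked from a fixed allow-list instead.
my %SORTABLE = map { $_ => 1 } qw(id name role);

sub list_users {
    my ($sort_col, $dir) = @_;
    die "unsupported sort column\n"
        unless defined($sort_col) && $SORTABLE{$sort_col};
    my $order = (defined($dir) && lc($dir) eq 'desc') ? 'DESC' : 'ASC';
    return $dbh->selectall_arrayref(
        "SELECT id, name, role FROM users ORDER BY $sort_col $order",
        { Slice => {} });
}

# Constructed inputs: a normal name and one containing SQL metacharacters.
for my $input ('alice', q{alice' OR '1'='1}) {
    my $rows = find_by_name($input);
    printf "%-20s => %d row(s)\n", $input, scalar @$rows;
}

# A sort column from the allow-list is accepted; anything else is refused.
print join(', ', map { $_->{name} } @{ list_users('name', 'desc') }), "\n";
eval { list_users(q{role; --}) };
print "rejected: $@" if $@;
```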
