Well, Indeed it probably got stuck every time due to the locking issue but that doesn’t matter really. What I actually wanted was for a mechanism to alert me when my variables are not safe enough to work with but I could not do that. I never got any warning in the error_log and I still don’t know how to get DBI to do that.
But regardless, I've stress checked my variables since, manually, and I've used sql injection tools that try to penetrate to sites. Namely, my own. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perrin Harkins Sent: Tuesday, April 22, 2008 9:40 PM To: Eli Shemer Cc: modperl@perl.apache.org Subject: Re: parameters taintness On Mon, Apr 21, 2008 at 3:48 PM, Eli Shemer <[EMAIL PROTECTED]> wrote: > eval{ > > tie %session, 'Apache::Session::MySQL', $id, > { > Handle => $dbh, > LockHandle => $dbh > }; > } > > Same behavior as I previously mentioned when the Tainted is enabled in > DBI->Connect I think you should try writing a command-line script using DBI and see if you get the same behavior. - Perrin No virus found in this incoming message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.3/1390 - Release Date: 21/04/2008 16:23 No virus found in this outgoing message. Checked by AVG. Version: 7.5.524 / Virus Database: 269.23.3/1390 - Release Date: 21/04/2008 16:23
