[Catalyst] taint mode
Phil Mitchell
phil at 2people.org
Fri Nov 25 19:36:53 CET 2005
I turned on taint mode in my app (using -T switch in myapp_server.pl).
It immediately dies with an "insecure dependency" error when Catalyst
tries to load my first controller:
<<SNIP;
Insecure dependency in eval while running with -T switch at
/usr/local/share/perl/5.8.4/UNIVERSAL/require.pm line 98.
UNIVERSAL::require('Reef::C::Auth') called at
/usr/local/share/perl/5.8.4/Module/Pluggable/Fast.pm line 82
SNIP
AFAIK, this happens because the string passed to require has not been
untainted. How should this be handled? Are people running under taint
mode?
There's no mention of this on the wiki -- I set up a blank page for
security and taint issues, where I'll summarize what I learn...
--
==========================
2People Blog: http://2-people.blogspot.com/
2People site: http://www.2people.org
More information about the Catalyst
mailing list