[Catalyst] {OT] protecting against attacks with multilingual input

Daniel McBrearty danielmcbrearty at gmail.com
Tue Dec 5 13:28:37 GMT 2006

> If you're talking about sql injection then presumably you could do
> this exactly the same as you would any other input field - use sql
> placeholders in a prepared query rather than blindly pasting
> untrusted input as sql.

This is what I'm talking about. I don't know this technique - I
thought the only approach was to filter input. I'm using DBIx, AFAIK
it does use placeholders ... ? If so, I can just take input, do some
basic "sanity" filtering, and store?

XSS is not such a worry - I'm not dealing with financial transactions
or such. It's more people being able to compromise the server that I
am thinking of.

Phaylon : sure. A simple example would be, say, a multilingual web
forum. A text field would have a size limit, but other than that most
any utf8 character could be input.

Daniel McBrearty
email : danielmcbrearty at gmail.com
www.engoi.com : the multi - language vocab trainer
BTW : 0873928131

More information about the Catalyst mailing list