[Catalyst] "or die" replacement?

apv apv at sedition.com
Thu Mar 16 20:26:45 CET 2006


On Thursday, March 16, 2006, at 11:15  AM, Steven Hilton wrote:
> On 3/16/06, apv <apv at sedition.com> wrote:
>> And I should have said:
>> On Thursday, March 16, 2006, at 10:56  AM, apv wrote:
>>> My main cat project is dying with codes right now, e.g., "RC_503:
>>> Database cannot be reached," if there is a \bDBI\b in the
>>> $c->error(s) and sending email to the dev (via a config file
>>> address) with the Email plugin.
>>
>> And giving a pretty site formatted error page and providing the
>> error chain if debug is on, otherwise just giving the general
>> http status info: "404: resource not found" etc.
>
> Be careful of that. A full perl stack trace includes method
> parameters, and that may include sensitive information, like database
> connection information, including a password. You might not want the
> world to see that.
>
You are wise. And I hope I am too. I only use debug for testing
(usually on a restricted master/local server) I usually filter the 
template
via session variables (e.g., only the site "admin" level can see the 
debug
info) and I only use mysql connect files for passwords so the Perl is
totally unaware of them. I know you can do similar tricks with Oracle 
but
I don't know if there is a similar thing with Pg.

-Ashley




More information about the Catalyst mailing list