[Catalyst] Regarding the Authentication Tutorial
Matt S Trout
dbix-class at trout.me.uk
Wed Sep 6 15:02:08 CEST 2006
Kay Sindre Bærulfsen wrote:
> Hi people,
>
> http://search.cpan.org/~mramberg/Catalyst-Runtime-5.7001/lib/Catalyst/Manual/Tutorial/Authentication.pod
>
> I was reading through the Authentication Tutorial in the Catalyst
> documentation, and found something I believe could be a
> security-problem in applications using this approach. I guess you can
> look at it as a typo too. :P
http://dev.catalyst.perl.org/docs/Catalyst/Manual/Tutorial/Authentication.html#add_valid_user_check
Notice it says
    if ($c->controller eq $c->controller('Login')) {
instead, which is a rather better fix than the one you propose. This will be
shipped as part of 5.7002.
--
Matt S Trout Offering custom development, consultancy and support
Technical Director contracts for Catalyst, DBIx::Class and BAST. Contact
Shadowcat Systems Ltd. mst (at) shadowcatsystems.co.uk for more information
+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +