[Catalyst] Regarding the Authentication Tutorial

Matt S Trout dbix-class at trout.me.uk
Wed Sep 6 15:02:08 CEST 2006


Kay Sindre Bærulfsen wrote:
> Hi people,
> 
> http://search.cpan.org/~mramberg/Catalyst-Runtime-5.7001/lib/Catalyst/Manual/Tutorial/Authentication.pod
> 
> I was reading through the Authentication Tutorial in the Catalyst
> documentation, and found something I believe could be a
> security-problem in applications using this approach. I guess you can
> look at it as a typo too. :P

http://dev.catalyst.perl.org/docs/Catalyst/Manual/Tutorial/Authentication.html#add_valid_user_check

Notice it says

if ($c->controller eq $c->controller('Login')) {

instead, which is a rather better fix than the one you propose. This will be
shipped as part of 5.7002.

-- 
      Matt S Trout       Offering custom development, consultancy and support
   Technical Director    contracts for Catalyst, DBIx::Class and BAST. Contact
Shadowcat Systems Ltd.  mst (at) shadowcatsystems.co.uk for more information

+ Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +


