[Catalyst] Input/Parameter Checks

Zbigniew Lukasiak zzbbyy at gmail.com
Thu Dec 13 21:46:34 GMT 2007


You might have a look at
http://www.perlfoundation.org/perl5/index.cgi?form_processing - you'll
find there the most popular parameter validation modules.  By the way,
if you use SQL queries with placeholders you don't need to fear SQL
injection attacks.

Cheers,
Zbyszek

On Dec 13, 2007 9:21 PM, Mesdaq, Ali <amesdaq at websense.com> wrote:
> Anyone have some suggestions or references to good modules or best
> practices in this regard? This is mainly in regard to using these
> inputs in sql queries or other areas where common attacks against web
> applications happen. I wonder in the catalyst world what best practices
> are. Would it be a catalyst plugin that would best fit that role or a
> module that gets used in the controller possibly maybe just some code in
> the model? It just feels like it's one of those things that has been
> solved by someone else way better than I would have done it and I am
> just not aware of it. Kinda like when I wrote my own logging module
> because at the time I didn't find a good one then I stumble across
> log4perl and realize how badly I wasted my time!
>
> Thanks,
> ------------------------------------------
> Ali Mesdaq (CISSP, GIAC-GREM)
> Security Researcher II
> Websense Security Labs
> http://www.WebsenseSecurityLabs.com
> ------------------------------------------



-- 
Zbigniew Lukasiak
http://brudnopis.blogspot.com/
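
The placeholder point from the reply above, as an added example that is not part of the original message: the same constructed parameter is run through an interpolated query and a bound one, and the example goes one step further to show that placeholders bind values only, so an identifier such as a sort column needs an allowlist. It assumes DBI and DBD::SQLite are installed; the table, rows, `%sortable` and `users_sorted_by` are hypothetical names made up for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# In-memory SQLite database with constructed sample rows
# (assumption: DBD::SQLite is available; any DBI driver behaves the same way).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$dbh->do('INSERT INTO users (name, role) VALUES (?, ?)', undef, @$_)
    for ['alice', 'admin'], ['bob', 'user'];

# Constructed request parameter, as it might arrive in $c->req->params->{name}.
my $name = q{nobody' OR '1'='1};

# Interpolated: the parameter becomes part of the SQL text and rewrites the WHERE clause.
my $unsafe = $dbh->selectall_arrayref(
    "SELECT name FROM users WHERE name = '$name'");
printf "interpolated query matched %d row(s)\n", scalar @$unsafe;

# Placeholder: the parameter is bound as a value and compared literally.
my $safe = $dbh->selectall_arrayref(
    'SELECT name FROM users WHERE name = ?', undef, $name);
printf "placeholder query matched %d row(s)\n", scalar @$safe;

# Placeholders cannot stand in for identifiers (column or table names),
# so a user-chosen sort column is mapped through an allowlist instead.
my %sortable = (name => 'name', role => 'role');

sub users_sorted_by {
    my ($handle, $param) = @_;
    my $column = $sortable{ $param // '' }
        or die "unsupported sort column\n";
    return $handle->selectall_arrayref(
        "SELECT name, role FROM users ORDER BY $column");
}

my $rows = users_sorted_by($dbh, 'role');
print join(', ', map { "$_->[0]/$_->[1]" } @$rows), "\n";

# Anything outside the allowlist is refused before it reaches the SQL text.
print "sort parameter rejected\n"
    unless eval { users_sorted_by($dbh, 'role; DROP TABLE users'); 1 };

$dbh->disconnect;
```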


