[Catalyst] plat_forms report published on June 20th. 2007. Genevateam on Catalyst wins the Perl track.

Octavian Rasnita orasnita at gmail.com
Wed Jun 20 20:25:17 GMT 2007

From: "Daniel McBrearty" <danielmcbrearty at gmail.com>
> If you read closely (p43), re SQL injection :
> "We record any failures to process our inputs appropriately as broken
> only, i.e., when an
> exception is raised that stems directly from the SQL processing rather
> than the application logic. We record a solution as correct if it
> processes acceptable inputs correctly and rejects inacceptable inputs
> with an error message produced under proper control of the
> application. Note that in this approach, an application flagged as
> broken may actually be acceptable (in particular: secure), but it is
> impossible to be sure from the outside so we
> take a conservative approach."
> I'd guess that they got a cat exception passed up from DBIx::Class,
> and classified that as broken, basically because the team didn't
> actually catch the error. But even so, the db itself would have been
> safe.

Is Catalyst showing DBIx::Class errors in the browser if the program doesn't 
have the Debug module active?
I thought it shows that page with "Please come back later" in a few 


More information about the Catalyst mailing list