[Catalyst] Catalyst and Taint?

Chris Weyl cweyl at alumni.drew.edu
Wed Jul 23 07:45:09 BST 2008


On Tue, Jul 22, 2008 at 8:30 PM, Matt S Trout <dbix-class at trout.me.uk> wrote:
> On Mon, Jul 21, 2008 at 10:08:11PM -0700, Chris Weyl wrote:
>> Hey all --
>>
>> A google of "catalyst taint" turns up this message:
>>
>> http://lists.scsys.co.uk/pipermail/catalyst/2005-December/004007.html
>>
>> It doesn't look like there has been a release of
>> Module::Pluggable::Fast since then.  Does anyone know where this patch
>> lurks? :-)  (Assuming, of course, that this is still the right path to
>> work down.)
>
> We don't even use Module::Pluggable::Fast anymore. Catalyst went back to
> a refactored plain Module::Pluggable instead for 5.70+. Hopefully the
> patch claco sent back then got applied somewhere in the meantime.
>
> Before caring about a three-year-old message, first check the module
> it refers to is even involved anymore :)

I'll keep that in mind :)

According to CPAN, Module::Pluggable::Fast hasn't been updated since
16 Dec 2005, about 2 weeks before that email was sent.... If it was
applied, I rather suspect it wasn't there.

> (and since you're the only person since to mention taint mode, I don't
> think most people care about it - I certainly don't see it being very
> useful for Catalyst code, maybe you could enlighten us as to why you
> do?)

Taint mode would seem to be a good way to help protect against
accidental exposures, especially in internet-facing apps.  I was
curious to see what would happen if I tried running an instance with
-T...  Admittedly, I'm more of a newbie Catalyst user than internals
person by any measure, but is there something about Catalyst that
renders taint unnecessary, or moot? ...or obsolete? ...or more of a
pain than it's worth?

                                  -Chris
-- 
Chris Weyl
Ex astris, scientia


