How is it a security hole?

On Tue, May 30, 2017 at 10:41 AM, Ruben Safir <ru...@mrbrklyn.com> wrote:

> On Tue, May 30, 2017 at 09:47:59AM +0100, James Smith wrote:
> > Not really a mod_perl question but you can always wrap your method
> > call in an eval
> >
> > my $ret = eval { $m->...() };
> >
> > And then check $@ for the error message
> >
>
>
> that is a security hole
>
> >
> > On 2017-05-26 02:08 AM, Peng Yonghua wrote:
> > >greeting,
> > >
> > >I am not so good at perl/modperl,:)
> > >
> > >In the handler, a method from a class was called, when something
> > >dies from within the method, what's the correct way the handler
> > >will take?
> > >
> > >for example, I wrote this API which works right if given a correct
> > >domain name:
> > >
> > >http://fenghe.org/domain/?d=yahoo.com
> > >
> > >server response:
> > >var data={"registration":"domain may be taken","domain":"yahoo.com"}
> > >
> > >If given a wrong domain name:
> > >
> > >http://fenghe.org/domain/?d=yahoo.nonexist
> > >
> > >The server returns 500.
> > >
> > > >This is because, in the handler, I used this module (also written by me):
> > >
> > > >http://search.cpan.org/~pyh/Net-Domain-Registration-Check-0.03/lib/Net/Domain/Registration/Check.pm
> > >
> > >
> > > >And in the module, a croak like this happened:
> > >
> > >croak "domain TLD not exists" unless tld_exists($tld);
> > >
> > > >When the handler meets the croak, it dies (I guess) and the server returns 500.
> > >
> > >How will I make the full system work right? fix on handler, or the
> > >module itself?
> > >
> > >Thanks.
> >
> >
> >
> > --
> > The Wellcome Trust Sanger Institute is operated by Genome Research
> > Limited, a charity registered in England with number 1021457 and a
> > company registered in England with number 2742969, whose registered
> > office is 215 Euston Road, London, NW1 2BE.
>
> --
> So many immigrant groups have swept through our town
> that Brooklyn, like Atlantis, reaches mythological
> proportions in the mind of the world - RI Safir 1998
> http://www.mrbrklyn.com
>
> DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
> http://www.nylxs.com - Leadership Development in Free Software
> http://www2.mrbrklyn.com/resources - Unpublished Archive
> http://www.coinhangout.com - coins!
> http://www.brooklyn-living.com
>
> Being so tracked is for FARM ANIMALS and extermination camps,
> but incompatible with living as a free human being. -RI Safir 2013
>
>


-- 
John Dunlap
*CTO | Lariat *

*Direct:*
*j...@lariat.co <j...@lariat.co>*

*Customer Service:*
877.268.6667
supp...@lariat.co
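
The block-eval pattern from the quoted reply, written out as an added example; it is not code from the thread or from Net::Domain::Registration::Check. `check_domain`, `handle_request` and the TLD table are hypothetical stand-ins. Block `eval { ... }` traps exceptions in code that is already compiled; it is string `eval "..."` that compiles and runs its argument.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Carp qw(croak);
use JSON::PP ();

# Hypothetical stand-in for the module's check; the TLD table is constructed.
my %KNOWN_TLD = map { $_ => 1 } qw(com org net);

sub check_domain {
    my ($domain) = @_;
    my ($tld) = $domain =~ /\.([a-z0-9-]+)\z/i;
    croak "domain TLD not exists" unless defined $tld && $KNOWN_TLD{ lc $tld };
    return { domain => $domain, registration => "domain may be taken" };
}

# Hypothetical handler core: returns (HTTP status, response body).
sub handle_request {
    my ($domain) = @_;
    my $json = JSON::PP->new->canonical;

    # Block eval: the request string is only ever data passed to a function.
    # The trailing 1 makes success testable even if $@ gets clobbered.
    my $result;
    my $ok = eval { $result = check_domain($domain); 1 };

    unless ($ok) {
        my $err = $@ || 'unknown error';
        # Full detail (message, file, line) goes to the server log only.
        warn "domain check failed: $err";
        # The client gets a fixed message, never the raw contents of $@.
        return (400, $json->encode({ error => "invalid or unknown domain" }));
    }
    return (200, $json->encode($result));
}

# Constructed inputs: a valid name, an unknown TLD, and a string that looks
# like Perl code, which block eval never compiles or runs.
for my $d ('yahoo.com', 'yahoo.nonexist', 'print qq(evaluated)') {
    my ($status, $body) = handle_request($d);
    print "$status $body\n";
}
```

The last two inputs both produce a 400 with the fixed error body, and the croak text appears only on STDERR.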
