RE: parameters taintness

2008-04-22 Thread Eli Shemer
t: Tuesday, April 22, 2008 9:40 PM
To: Eli Shemer
Cc: modperl@perl.apache.org
Subject: Re: parameters taintness
On Mon, Apr 21, 2008 at 3:48 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> eval{
>
> tie %session, 'Apache::Session::MySQL', $id,
> {
>

Re: parameters taintness

2008-04-22 Thread Perrin Harkins
On Mon, Apr 21, 2008 at 3:48 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> eval{
>
> tie %session, 'Apache::Session::MySQL', $id,
> {
> Handle => $dbh,
> LockHandle => $dbh
> };
> }
>
> Same behavior as I previously mentioned when the Tainted is enabled

RE: parameters taintness

2008-04-21 Thread Eli Shemer
TED] [mailto:[EMAIL PROTECTED] On Behalf Of Perrin Harkins
Sent: Monday, April 21, 2008 8:13 PM
To: Eli Shemer
Cc: modperl@perl.apache.org
Subject: Re: parameters taintness
On Mon, Apr 21, 2008 at 2:53 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> I summed it down to this line of code
>

Re: parameters taintness

2008-04-21 Thread Perrin Harkins
On Mon, Apr 21, 2008 at 2:53 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> I summed it down to this line of code
>
> my $id = $cookies{ANONYMOUS_ID}->value;
> if ($id =~ m/(.+)/) { $id=$1; }
>
> tie %session, 'Apache::Session::MySQL', $id,
> {
> Handle => $dbh,
> LockHandle => $dbh
> };

RE: parameters taintness

2008-04-21 Thread Eli Shemer
la]:localhost","[bla]","[bla]") or die "Cannot connect to database: $DBI::errstr";
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perrin Harkins
Sent: Monday, April 21, 2008 7:36 PM
To: Eli Shemer
Cc: modperl@perl.apache.org
Su

RE: parameters taintness

2008-04-21 Thread Eli Shemer
odperl@perl.apache.org
Subject: Re: parameters taintness
On Mon, Apr 21, 2008 at 2:02 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> Well, for now I've diagnosed it to crook due to the cookies/session
> operation.
> Because once I remove the cookie from my browser, everything wor

Re: parameters taintness

2008-04-21 Thread Perrin Harkins
On Mon, Apr 21, 2008 at 2:02 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> Well, for now I've diagnosed it to crook due to the cookies/session
> operation.
> Because once I remove the cookie from my browser, everything works
> correctly.
Ok, but you need to find what line in your code is having t

Re: parameters taintness

2008-04-21 Thread David Nicol
On Mon, Apr 21, 2008 at 1:02 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> Using telnet/netcat is nice but it will be a nightmare to write a
> debugger
> script that will simulate all of the operations up to that point. (login,
> submission of data to the page)
http://search.cpan.org/author/PETD

RE: parameters taintness

2008-04-21 Thread Eli Shemer
ache.org
Subject: Re: parameters taintness
On Mon, Apr 21, 2008 at 12:45 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> It's stuck on "Waiting for... " in the status bar
Step away from the browser. If you've never learned how to debug a web request with telnet or lwp-r

Re: parameters taintness

2008-04-21 Thread William A. Rowe, Jr.
Perrin Harkins wrote:
On Mon, Apr 21, 2008 at 12:45 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
It's stuck on "Waiting for... " in the status bar
Step away from the browser. If you've never learned how to debug a web request with telnet or lwp-request, this is a good time to learn. Just google

Re: parameters taintness

2008-04-21 Thread Perrin Harkins
On Mon, Apr 21, 2008 at 12:45 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> It's stuck on "Waiting for... " in the status bar
Step away from the browser. If you've never learned how to debug a web request with telnet or lwp-request, this is a good time to learn. Just google "telnet 80 debugging" or

RE: parameters taintness

2008-04-21 Thread Eli Shemer
It's stuck on "Waiting for... " in the status bar
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Perrin Harkins
Sent: Monday, April 21, 2008 5:24 PM
To: Eli Shemer
Cc: modperl@perl.apache.org
Subject: Re: parameters taintness
On Mon, Apr

Re: parameters taintness

2008-04-21 Thread Perrin Harkins
On Mon, Apr 21, 2008 at 12:27 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> Stuck meaning that I cannot logon to my web site at all.
> I have to close the explorer and open it again.
Ok, you need to do some debugging. First I'd try connecting with telnet or a command-line browser like lwp-request

RE: parameters taintness

2008-04-21 Thread Eli Shemer
Sent: Monday, April 21, 2008 5:24 PM
To: Eli Shemer
Cc: modperl@perl.apache.org
Subject: Re: parameters taintness
On Mon, Apr 21, 2008 at 12:21 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> Problem is,
>
> When DBI "Taint" is on, the page is completely stuck and I cannot find

Re: parameters taintness

2008-04-21 Thread Perrin Harkins
On Mon, Apr 21, 2008 at 12:21 PM, Eli Shemer <[EMAIL PROTECTED]> wrote:
> Problem is,
>
> When DBI "Taint" is on, the page is completely stuck and I cannot find any
> errors or warning in the error_log.
Can you be a little more descriptive? What does "stuck" mean in this case?
- Perrin

parameters taintness

2008-04-21 Thread Eli Shemer
Hey there,
I’m looking for more information on this subject.
I’m using mod_perl2 and apache2.
Currently what I’m trying to do is to make both the page and the DBI module tainted-enabled.
I have -t enabled in httpd.conf
and {Taint => 1} upon the DBI connection call.
I’ve made modifica