Well, for now I've diagnosed it to crook due to the cookies/session
operation.
Because once I remove the cookie from my browser, everything works
correctly.
(if I logged on to the suspicious page just before).

it seems reasonable in theory that DBI's Taintness operation finds the
session/cookie grabbing and setting as problematic and non-trust worthy.
Although it's not a GET/POST parameter but a simple %cookies = fetch
CGI::Cookie;

For general reference, these are the modules I have on the test page:
use strict;
use Apache::Session::MySQL;
use CGI::Cookie;
use Scalar::Util::Numeric qw(isnum);
use Apache2::Cookie;
use Apache2::Request;
use Apache2::Connection;

even if the DBI considers the cookie/session functions as tainted, and
indeed the page cannot be loaded.
why on earth will it continue to work like that in other pages?
It's as If I enter this page one time, since then all other pages are
Tainted-enabled also,
and I have to remove the cookie.

I really would like to get DBI to scream out when it finds a tainted
variable,
not hold the entire operation and withhold any further information.

Using telnet/netcase is nice but it will be a nightmare to write a debugger
script that will simulate all of the operations up to that point. (login,
submission of data to the page)

-----Original Message-----
From: pharkins@gmail.com [mailtoharkins@gmail.com] On Behalf Of Perrin
Harkins
Sent: Monday, April 21, 2008 5:54 PM
To: Eli Shemer
Cc: modperl@perl.apache.org
Subject: Re: parameters taintness

On Mon, Apr 21, 2008 at 12:45 PM, Eli Shemer wrote:
> It's stuck on "Waiting for... " in the status bar


Step away from the browser. If you've never learned how to debug a
web request with telnet or lwp-request, this is a good time to learn.
Just google "telnet 80 debugging" or something similar to find some
guides to get you started.

- Perrin

No virus found in this incoming message.
Checked by AVG.
Version: 7.5.524 / Virus Database: 269.23.2/1387 - Release Date: 19/04/2008
11:31


No virus found in this outgoing message.
Checked by AVG.
Version: 7.5.524 / Virus Database: 269.23.2/1387 - Release Date: 19/04/2008
11:31