Well,

Indeed it probably got stuck every time due to the locking issue but =
that
doesn=92t matter really.
What I actually wanted was for a mechanism to alert me when my variables =
are
not safe enough to work with but I could not do that.
I never got any warning in the error_log and I still don=92t know how to =
get
DBI to do that.

But regardless, I've stress checked my variables since, manually, and =
I've
used sql injection tools that try to penetrate to sites. Namely, my own.


-----Original Message-----
From: pharkins@gmail.com [mailtoharkins@gmail.com] On Behalf Of Perrin
Harkins
Sent: Tuesday, April 22, 2008 9:40 PM
To: Eli Shemer
Cc: modperl@perl.apache.org
Subject: Re: parameters taintness

On Mon, Apr 21, 2008 at 3:48 PM, Eli Shemer =
wrote:
> eval{
>
> tie %session, 'Apache::Session::MySQL', $id,
> {
> Handle =3D> $dbh,
> LockHandle =3D> $dbh
> };
> }
>
> Same behavior as I previously mentioned when the Tainted is enabled =

in
> DBI->Connect


I think you should try writing a command-line script using DBI and see
if you get the same behavior.

- Perrin

No virus found in this incoming message.
Checked by AVG.=20
Version: 7.5.524 / Virus Database: 269.23.3/1390 - Release Date: =
21/04/2008
16:23
=20

No virus found in this outgoing message.
Checked by AVG.=20
Version: 7.5.524 / Virus Database: 269.23.3/1390 - Release Date: =
21/04/2008
16:23
=20