| DBI security tainting |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| l | By default the
DBI ignores Perl tainting |
|||||||||||||||||
| n | doesn't taint
returned data |
|||||||||||||||||
| n | doesn't check
that parameters are not tainted |
|||||||||||||||||
| l | The Taint
attribute enables that behaviour |
|||||||||||||||||
| – | If Perl itself is
in taint mode |
|||||||||||||||||
| l | Each handle has
it's own inherited Taint attribute |
|||||||||||||||||
| n | So can be
enabled for a connection and disabled for particular |
|||||||||||||||||
| statements, for
example: |
||||||||||||||||||
| $dbh =
DBI->connect(…, { Taint => 1 }); |
||||||||||||||||||
| $sth =
$dbh->prepare("select * from safe_table"); |
||||||||||||||||||
| $sth->{Taint}
= 0; # no tainting on this handle |
||||||||||||||||||