in reply to Re: Question of safe data passing... in thread Question of safe data passing...
On to something here...
Instead of just storing the DBI object, make a DBI wrapper object that, every time you try any method, checks to see if $0 still matches the copy that it stored in itself somewhere. If it doesn't match then it dies out. This way, you wouldn't be able to spoof the script you're running on.
Er... uh.. will Storable cache a DBI object and allow you to reconnect at a later point?
my @a=qw(random brilliant braindead); print $a[rand(@a)];
Re: Re: Re: Question of safe data passing...
by lindex (Friar) on Apr 27, 2001 at 19:25 UTC
Ahh, can't use $0 because then you could just exec the DSN wrapper with the name of a valid script and BAM you have the "frozen" DBI object.
The DSN wrapper must find the name of its caller on its own.
And it must get this information from non-user-corruptible data. So the idea of passing the DSN wrapper a pid and then having the wrapper check proc to make sure the pid matches an allowable script name is also out of the question.
lindex
/****************************/
jason@gost.net, wh@ckz.org
http://jason.gost.net
/*****************************/
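The point raised in the reply above, as an added example that is not part of the original thread: on Linux, the name a process presents (argv[0]) is chosen by whoever calls exec, while `/proc/<pid>/exe` is resolved by the kernel. The path `/opt/app/trusted_script.pl` and all function names are constructed for illustration, and a Linux `/proc` filesystem is assumed.

```python
import os
import subprocess
import sys

# Constructed name: the script a wrapper is supposed to trust.
TRUSTED_NAME = "/opt/app/trusted_script.pl"


def claimed_name(pid):
    """argv[0] as recorded in /proc/<pid>/cmdline: set by whoever called exec."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return fh.read().split(b"\0")[0].decode()


def kernel_exe(pid):
    """The binary actually running in the process, as resolved by the kernel."""
    return os.readlink(f"/proc/{pid}/exe")


def spawn_mislabelled(name):
    """Start an ordinary interpreter whose argv[0] is an arbitrary string."""
    # PYTHONHOME keeps the standard library findable despite the odd argv[0].
    home = f"{sys.base_prefix}:{sys.base_exec_prefix}"
    return subprocess.Popen(
        [name, "-c", "import time; time.sleep(30)"],
        executable=sys.executable,
        env=dict(os.environ, PYTHONHOME=home),
    )


def compare():
    """Return (claimed name, kernel-resolved binary) for a mislabelled process."""
    child = spawn_mislabelled(TRUSTED_NAME)
    try:
        return claimed_name(child.pid), kernel_exe(child.pid)
    finally:
        child.kill()
        child.wait()


if __name__ == "__main__":
    claimed, actual = compare()
    print("name-based check sees:", claimed)
    print("kernel reports       :", actual)
    # A wrapper would apply kernel_exe() to os.getppid(), which the kernel
    # supplies, rather than to a pid or name handed in by the caller.
```

For an interpreted script the kernel-resolved path is the interpreter, so this identifies the binary that is running, not which script it loaded.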