On Mon, Aug 20, 2001 at 01:40:30PM +0800, Stas Bekman wrote:
> On Thu, 16 Aug 2001, Andy Turner wrote:
> > On Wed, Aug 15, 2001 at 12:54:58PM -0400, Philip Mak wrote:
> > > 1. A hacker with access to a virtual host on a mod_perl Apache can steal
> > > the Apache::DBI database handles of the other virtual hosts on that
> > > Apache. suexec/cgiwrap won't work in mod_perl.
> >
> > The simplest answer is to just not use Apache::DBI. Just use DBI
> > normally. The only drawback is that you don't cache database handles
> > this way. But in many configurations that isn't an issue.
>
> Huh? You can read anything from the memory once you are running in the
> same process, be it Apache::DBI, DBI or your own raw access module.

Ahh, I was assuming a DBI handle lexically scoped to the handler subroutine,
sorry about the confusion.

So long as the handle goes away with the connection you're okay.

--
Andy <[EMAIL PROTECTED]> - http://anime.mikomi.org/ - Community Anime Reviews
"Thus, though we have heard of stupid haste in war, cleverness has never
been seen associated with long delays."
-- Sun Tzu, The Art of War
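
The following is an added illustration, not part of the original thread and not code from Apache::DBI or DBI. It contrasts a handle held in a process-wide cache with one lexically scoped to the handler. `MockDBH`, `HandleCache`, `VhostA` and the DSN strings are hypothetical names constructed for the example, and no real database is involved.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for a database handle; counts how many are alive.
package MockDBH;
my $live = 0;
sub connect { my ($class, $dsn) = @_; $live++; return bless { dsn => $dsn }, $class }
sub DESTROY { $live-- }             # runs when the last reference goes away
sub live    { return $live }

# Hypothetical, simplified model of a process-wide handle cache:
# one handle per DSN, kept for the lifetime of the interpreter.
package HandleCache;
our %Connected;
sub connect {
    my ($class, $dsn) = @_;
    return $Connected{$dsn} ||= MockDBH->connect($dsn);
}

# Two request handlers for the same (hypothetical) virtual host.
package VhostA;
sub handler_cached {
    my $dbh = HandleCache->connect('dbi:mock:vhost_a');   # reference also kept in the cache
    return 'ok';
}
sub handler_lexical {
    my $dbh = MockDBH->connect('dbi:mock:vhost_a');       # only reference is this lexical
    return 'ok';
}

package main;

# Lexical pattern: the handle is destroyed as soon as the handler returns.
VhostA::handler_lexical();
my $after_lexical = MockDBH::live();

# Cached pattern: the handle outlives the request inside the shared interpreter.
VhostA::handler_cached();
my $after_cached = MockDBH::live();

# What later code running in this same process can still find.
my @reachable = sort keys %HandleCache::Connected;

print "live handles after lexical handler: $after_lexical\n";
print "live handles after cached handler:  $after_cached\n";
print "DSNs still held in the process-wide cache: @reachable\n";
```

The lexical pattern only shortens the handle's lifetime to the request; while the handler is running, the handle still lives in the memory of the shared process.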