<HTML>
<HEAD>
<meta name="GENERATOR" content="Microsoft Internet Assistant for PowerPoint 97">
<TITLE>DBI security tainting</TITLE>
</HEAD>
<BODY >
<H1>DBI security tainting</H1>
<P><UL>
<LI><H2>By default the DBI ignores Perl tainting
</H2>
<UL>
<LI>doesn't taint returned data
<LI>doesn't check that parameters are not tainted
</UL>
</UL><UL>
<LI><H2>The Taint attribute enables that behaviour
</H2>
<UL>
<LI>Only takes effect if Perl itself is in taint mode
</UL></UL><UL>
<LI><H2>Each handle has its own inherited Taint attribute
</H2>
<UL>
<LI>So can be enabled for particular connections and disabled for particular statements, for example:
</UL><LI>
<BR>$dbh = DBI->connect($dsn, $user, $password, { Taint => 1 });
<BR>$sth = $dbh->prepare("select * from safe_table");
<BR>$sth->{Taint} = 0; # no tainting on this handle
<BR>
</UL><UL>
</UL></P>
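<P>The three behaviours above in one script, as an added example that is not part of the original slides. It assumes DBD::SQLite is installed and that the script is started with perl -T; the table contents and the simulated untrusted input are constructed for the demonstration.</P>

```perl
# Added example, not from the original slides. Run as: perl -T taint_demo.pl
# Assumes DBD::SQLite is installed; tables and values are constructed.
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

die "Run with perl -T: the Taint attribute has no effect otherwise\n"
    unless ${^TAINT};

# Simulate untrusted input: environment values are tainted under -T, and
# concatenating a zero-length tainted substring taints the whole string.
my $user_input = 'alice' . substr(join('', values %ENV), 0, 0);

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, Taint => 1 });
$dbh->do('CREATE TABLE users (name TEXT)');
$dbh->do('CREATE TABLE safe_table (label TEXT)');
$dbh->do(q{INSERT INTO users VALUES ('alice')});
$dbh->do(q{INSERT INTO safe_table VALUES ('static')});

# 1. Parameters are checked: a tainted bind value makes the call die.
my $sth = $dbh->prepare('SELECT name FROM users WHERE name = ?');
my $ok  = eval { $sth->execute($user_input); 1 };
print "tainted parameter rejected: ", ($ok ? 'no' : 'yes'), "\n";

# Validate against an allow-list pattern; a regex capture is untainted.
my ($clean) = $user_input =~ /\A([a-z]{1,32})\z/
    or die "invalid user name\n";
$sth->execute($clean);

# 2. Data fetched through this handle is tainted (inherited from $dbh).
my ($name) = $sth->fetchrow_array;
print "users.name tainted: ", (tainted($name) ? 'yes' : 'no'), "\n";
$sth->finish;

# 3. A statement handle can override the inherited attribute.
my $safe = $dbh->prepare('SELECT label FROM safe_table');
$safe->{Taint} = 0;    # no tainting on this handle
$safe->execute;
my ($label) = $safe->fetchrow_array;
print "safe_table.label tainted: ", (tainted($label) ? 'yes' : 'no'), "\n";
$safe->finish;
$dbh->disconnect;
```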
</Body>
</HTML>