
1399 Re: [soaplite] Re: Preventing package name traversal attacks

  • Randy J. Ray
    Apr 10, 2002
      >>>>> "Paul" == Paul Kulchenko <paulclinger@...>
      >>>>> wrote the following on Tue, 9 Apr 2002 23:38:16 -0700 (PDT)

      Paul> To disable it on server side you may use on_action handler:

      -> on_action(sub { die "Access denied\n" if $_[2] =~ /:|'/ })

      While looking into this last night, I was thinking that the on_dispatch()
      handler might be a better way to go-- it gets run earlier than the on_action()
      handler does. Plus, it seems to make more sense to my (sleep-deprived) brain,
      since I would expect the on_action() hook to accompany an action that is
      taking place, not prevent one at the last minute. But I guess it's just a
      matter of taste, as to which you use.

      Randy (yes, recently joined the list :-)
      Randy J. Ray rjray@...
      Campbell, CA rjray@...
      <A HREF="http://www.svsm.org">Silicon Valley Scale Modelers</A>
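
The check quoted in the message above, written out as a named handler and run over constructed method names. This is an added example, not code from the original post or from SOAP::Lite. The sub names, the sample names, and the stricter allow-list variant are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Check from the thread: reject any method name that contains a Perl package
# separator, either ':' (as in '::') or the old-style "'".
# The argument order mirrors the quoted handler, which tests $_[2].
sub deny_package_separators {
    my ($action, $method_uri, $method_name) = @_;
    die "Access denied\n" if $method_name =~ /:|'/;
    return;
}

# Stricter variant (assumption, not from the thread): accept only a plain
# identifier, so anything unexpected is refused rather than two characters.
sub allow_plain_identifier {
    my ($action, $method_uri, $method_name) = @_;
    die "Access denied\n" unless $method_name =~ /\A[A-Za-z_][A-Za-z0-9_]*\z/;
    return;
}

# Run one check against one method name and report the outcome.
sub verdict {
    my ($check, $method_name) = @_;
    my $ok = eval { $check->('urn:Demo#call', 'urn:Demo', $method_name); 1 };
    return $ok ? 'allowed' : 'denied';
}

# Constructed sample method names (not taken from real traffic).
my @samples = ('hi', 'get_status', 'Other::Pkg::func', "Other'Pkg'func", 'hi-there');

printf "%-20s %-12s %s\n", 'method', 'thread-check', 'allow-list';
for my $name (@samples) {
    printf "%-20s %-12s %s\n", $name,
        verdict(\&deny_package_separators, $name),
        verdict(\&allow_plain_identifier, $name);
}
```

Either sub can be handed to the server by reference, in place of the anonymous sub in the quoted on_action(...) call.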