Hey there

I’m looking for more information on this subject.

I’m using mod_perl2 and apache2

Currently what I’m trying to do is to make both the page and the DBI module tainted-enabled

I have –t enabled in httpd.conf

And {Taint => 1} upon the DBI connection call.

I’ve made modifications to a test case page,which was a perfect replicate,of a real “commercial” page.

so now supposedly all $apr->param() parameters are no longer tainted after numereious regexp equations and a temporary hash table that holds all data.

Problem is,

When DBI “Taint” is on, the page is completely stuck and I cannot find any errors or warning in the error_log.

Any recommendations / different techniques ?

Thanks.