Vulnerability Development mailing list archives
Re: Perl / Oracle Vuln. New or Not?
From: Simon Kenton <simon_k () MAILANDNEWS COM>
Date: Fri, 8 Dec 2000 15:48:17 -0500
As a couple of people (on and off the list) have stated it is the job of the perl programmer to handle these errors gracefully. I agree with this 100% and in this case 'foo.pl' will be fixed so that it no longer divulges this information. My point in posting this here, and potentially sending it to the maintainers of the DBI/DBD code is that this is not the only implementation of the Perl DBI/DBD modules that is installed using these defaults, and by default gives out way too much information when it encounters an error situation. I am going to drop a short note to the DBI users lists, and be done with the matter. -Simon ------------------------------ Simon Kenton Folk Hero To The Stars ------------------------------
Current thread:
- Perl / Oracle Vuln. New or Not? Simon Kenton (Dec 06)
- Re: Perl / Oracle Vuln. New or Not? H D Moore (Dec 07)
- Re: Perl / Oracle Vuln. New or Not? Tom Jordan (Dec 09)
- <Possible follow-ups>
- Re: Perl / Oracle Vuln. New or Not? Simon Kenton (Dec 08)
- Re: Perl / Oracle Vuln. New or Not? Lincoln Yeoh (Dec 09)
- Re: Perl / Oracle Vuln. New or Not? Simon Kenton (Dec 09)
- Re: Perl / Oracle Vuln. New or Not? H D Moore (Dec 07)