Vulnerability Development mailing list archives

Re: Perl / Oracle Vuln. New or Not?

From: Simon Kenton <simon_k () MAILANDNEWS COM>
Date: Fri, 8 Dec 2000 15:48:17 -0500

As a couple of people (on and off the list) have stated it is the job of the
perl programmer to handle these errors gracefully.  I agree with this 100% and
in this case 'foo.pl' will be fixed so that it no longer divulges this
information.  My point in posting this here, and potentially sending it to the
maintainers of the DBI/DBD code is that this is not the only implementation of
the Perl DBI/DBD modules that is installed using these defaults, and by
default gives out way too much information when it encounters an error
situation.

I am going to drop a short note to the DBI users lists, and be done with the
matter.

-Simon

------------------------------
   Simon Kenton
   Folk Hero To The Stars
------------------------------

Current thread:

Perl / Oracle Vuln. New or Not? Simon Kenton (Dec 06)
- Re: Perl / Oracle Vuln. New or Not? H D Moore (Dec 07)
  - Re: Perl / Oracle Vuln. New or Not? Tom Jordan (Dec 09)
- <Possible follow-ups>
- Re: Perl / Oracle Vuln. New or Not? Simon Kenton (Dec 08)
  - Re: Perl / Oracle Vuln. New or Not? Lincoln Yeoh (Dec 09)
- Re: Perl / Oracle Vuln. New or Not? Simon Kenton (Dec 09)