[Dbix-class] Read only resultsets

	Dave Howorth
	Aug 12, 2010 at 8:52 am

Dan Horne wrote:
The recent discussion on read only objects has got me wondering. Say one
has an app which basically sends result sets to TT templates. What stops
a malicious designer from doing DB updates in the templates since they
have the RS objects?

Make sure that the DBI connection that the templates use is of a db-user
that only has SELECT privileges?

Cheers, Dave

Search Discussions

Discussion Posts

Dan Horne: The recent discussion on read only objects has got me wondering. Say one has an app which basically sends result sets to TT templates. What stops a malicious designer from doing DB updates in the templates since they have the RS objects? I could mimic the DBI solution of returning arrayrefs of hashrefs, but that doesn't allow for the chaining of methods to get related resultsets, Nor would it give me access to pagination info. Dan -------------- next part -------------- An HTML attachment was

Follow ups

Related Discussions

Discussion Navigation

view	thread \| post
posts	‹ prev \| 2 of 6 \| next ›

Discussion Overview

group	dbix-class
categories	perl, catalyst
posted	Aug 11, '10 at 11:08p
active	Aug 24, '10 at 6:56p
posts	6
users	5
website	dbix-class.org
irc	#dbix-class

font	variable	Hotkey: f
user style	avatars	Hotkey: a

[Dbix-class] Read only resultsets

Search Discussions

Discussion Posts

Related Discussions

5 users in discussion

Content

People

Support

Translate