.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "Safe 3pm" .TH Safe 3pm "2021-01-05" "perl v5.32.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" DBIx::Safe \- Safer access to your database through a DBI database handle .SH "VERSION" .IX Header "VERSION" This documents version 1.2.5 of the DBIx::Safe module .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& use DBIx::Safe; \& \& $dbh = DBI\->connect($dbn, $user, $pass, {AutoCommit => 0}); \& \& my $safedbh = DBIx::Safe\->new({ dbh => $dbh }); \& \& $safedbh\->allow_command(\*(AqSELECT INSERT UPDATE\*(Aq); \& \& $safedbh\->allow_regex(qr{LOCK TABLE \ew+ IN EXCLUSIVE MODE}); \& \& $safedbh\->deny_regex(qr{LOCK TABLE pg_}); \& \& $safedbh\->allow_attribute(\*(AqPrintError RaiseError\*(Aq); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" The purpose of this module is to give controlled, limited access to an application, rather than simply passing it a raw database handle through \s-1DBI.\s0 DBIx::Safe acts as a wrapper to the database, by only allowing through the commands you tell it to. It filters all things related to the database handle \- methods and attributes. .PP The typical usage is for your application to create a database handle via a normal \&\s-1DBI\s0 call to \fBnew()\fR, then pass that to DBIx::Safe\->\fBnew()\fR, which will return you a DBIx::Safe object. After specifying exactly what is and what is not allowed, you can pass the object to the untrusted application. The object will act very similar to a \&\s-1DBI\s0 database handle, and in most cases can be used interchangeably. .PP By default, nothing is allowed to run at all. There are many things you can control. You can specify which \s-1SQL\s0 commands are allowed, by indicating the first word in the \&\s-1SQL\s0 statement (e.g. '\s-1SELECT\s0'). You can specify which database methods are allowed to run (e.g. 'ping'). You can specify a regular expression that allows matching \s-1SQL\s0 statements to run (e.g. 'qr{\s-1SET TIMEZONE\s0}'). You can specify a regular expression that is \s-1NOT\s0 allowed to run (e.g. qr(\s-1UPDATE\s0 xxx}). Finally, you can indicate which database attributes are allowed to be read and changed (e.g. 'PrintError'). For all of the above, there are matching methods to remove them as well. .SS "Deciding what statements to allow" .IX Subsection "Deciding what statements to allow" Anytime a statement is sent to the server via the DBIx::Safe database handle, it is first examined to see if it is allowed to run or not. There are three major checks that occur when a statement is sent. First, the initial word of the statement, known as the command, is extracted. Next, the entire statement is checked against the list of denied regular expressions. Next, the command is checked against the list of allowed commands. If there is no match, the statement is checked against the list of allowed regular expressions. .PP Each \s-1DBD\s0 may implement additional or slightly different checks. For example, if using Postgres, no semi-colons are allowed unless the command is one of \s-1SELECT, INSERT,\s0 \&\s-1UPDATE,\s0 or \s-1DELETE,\s0 to prevent multiple commands from running. (The four listed commands can be checked in another way for multiple commands, so they are allowed to have semicolons). .SS "Deciding what attributes to allow" .IX Subsection "Deciding what attributes to allow" Database handle attributes are controlled by a single list of allowed keys. If the key is allowed, the underlying database handle value is returned or changed (or both). Note that the attribute \*(L"AutoCommit\*(R" is never allowed to be changed. .SS "Methods" .IX Subsection "Methods" \fI\f(BInew()\fI\fR .IX Subsection "new()" .PP Creates a new DBIx::Safe object. Requires a mandatory \*(L"dbh\*(R" argument containing an active database handle. Optional arguments are \*(L"allow_command\*(R", \*(L"allow_regex\*(R", \*(L"deny_regex\*(R", and \*(L"allow_attribute\*(R". .PP \fI\f(BIallow_command()\fI\fR .IX Subsection "allow_command()" .PP Specifies which commands are allowed to be used. Can be a whitespace-separated list of words in a string, or an arrayref of such strings. Returns the current list of allowed commands. Duplicate commands will throw an error. .PP \fI\f(BIunallow_command()\fI\fR .IX Subsection "unallow_command()" .PP Same as allow_command, but will remove words from the list. .PP \fI\f(BIallow_regex()\fI\fR .IX Subsection "allow_regex()" .PP Specifies regular expressions which are allowed to run. Argument must be a regular expression, or an arrayref of regular expressions. Returns the current list. .PP \fI\f(BIunallow_regex()\fI\fR .IX Subsection "unallow_regex()" .PP Same as allow_regex, but will remove regexes from the list. .PP \fI\f(BIdeny_regex()\fI\fR .IX Subsection "deny_regex()" .PP Specifies regular expressions which are \s-1NOT\s0 allowed to run. Arguments and return the same as \fBallow_regex()\fR. .PP \fIundeny \f(BIregex()\fI\fR .IX Subsection "undeny regex()" .PP Same as deny_regex, but will remove regexes from the list. .PP \fI\f(BIallow_attribute()\fI\fR .IX Subsection "allow_attribute()" .PP Specifies database handle attributes that are allowed to be changed. By default, nothing can be read. Argument is a whitespace-separated list of words in a string, or an arrayref of such strings. Returns the current list. .PP \fI\f(BIunallow_attribute()\fI\fR .IX Subsection "unallow_attribute()" .PP Same as allow_attributes, but removes attributes from the list. .SS "Testing" .IX Subsection "Testing" DBIx::Safe has a very comprehensive test suite, so please use it! The only thing you should need is a database connection, by setting the environment variables \s-1DBI_DSN\s0 and \s-1DBI_USER\s0 (and \s-1DBI_PASS\s0 if needed). .PP You can optionally run the module through Perl::Critic by setting the \s-1TEST_AUTHOR\s0 environment variable. You will need to have the modules Perl::Critic and Test::Perl::Critic installed. .PP Please report any test failures to the author or bucardo\-general@bucardo.org. .SS "Supported Databases" .IX Subsection "Supported Databases" Due to the difficulty of ensuring safe access to the database, each type of database must be specifically written into DBIx::Safe. Current databases supported are: Postgres (DBD::Pg). .SH "WEBSITE" .IX Header "WEBSITE" The latest version and other information about DBIx::Safe can be found at: http://bucardo.org/dbix_safe/ .SH "DEVELOPMENT" .IX Header "DEVELOPMENT" The latest development version can be checked out by using git: .PP .Vb 1 \& git clone http://bucardo.org/dbixsafe.git/ .Ve .SH "BUGS" .IX Header "BUGS" Bugs should be reported to the author or bucardo\-general@bucardo.org. .SH "AUTHOR" .IX Header "AUTHOR" Greg Sabino Mullane .SH "LICENSE AND COPYRIGHT" .IX Header "LICENSE AND COPYRIGHT" Copyright 2006\-2007 Greg Sabino Mullane . .PP This software is free to use: see the \s-1LICENSE\s0 file for details.