DBI refuses to allow me to provide my password as a blessed object with string overloading
demerphq opened this issue · 4 comments
This means that it is difficult to secure the password against things that dump the stack.
What I want to do is have my secrets like passwords stored in a blessed object which enforces a whitelist of modules which are allowed to inspect the contents.
Unfortunately this is impossible with the existing check to ensure that the password is not a reference.
IMO either the check should be changed to allow blessed references, OR, outright removed. I dont see why DBI should check for references, if it gets a ref then the connect will fail, and MAYBE then additional diagnostics that the password was a ref would be useful, but preventing me from using standard perl overloading to represent my password goes against basic perl expectations.
FWIW, this criticism applies generally and not just to the password argument. DBI should not be naively insisting that the arguments are pure strings. It should work fine if we pass in overloaded blessed objects.
FWIW2: I tried hard to use a tie for this, but tie assignment does not "pass along" the tiedness, it just passes along the value, so what i want to do is not possible that way.
I pushed a PR for this BTW: "remove block that prevents a reference $password argument #40"
I updated the PR for this ticket.