At 09:28 AM 4/30/2012 -0400, Chris Nighswonger wrote:
On Mon, Apr 30, 2012 at 9:27 AM, Chris Nighswonger <<mailto:cnighswonger@foundations.edu>cnighswonger@foundations.edu> wrote: On Mon, Apr 30, 2012 at 9:13 AM, Paul <<mailto:paul.a@aandc.org>paul.a@aandc.org> wrote:
Can anyone point me rapidly to the portion of script that I should have a look at?
Fair warning: Mung up at your own risk....
and
Chris, Many thanks, I'll see what I can do (after hours tonight.) Just wondering if a perl expert could suggest the code to add a "condition" to if ($sql =~ /;?\W?(UPDATE|DELETE|DROP|INSERT|SHOW|CREATE)\W/i) { push @errors, {sqlerr => $1}; } along the lines of " unless username='paul' " I'm not too worried about the security risks for two reasons a) the script works as intended, and b) very few of our people actually have their permissions set to "Allow to access to the reports module." Best regards - Paul