Test-TempDatabase is dangerous. It is a test module but requires PostgreSQL superuser privilege. Running potentially-may-have-bug test suites with superuser privilege is out of mind.
This is especially true for us CPAN testers. We CPAN testers run tests for tens of unknown modules per day from all over the world. Not knowing what module we are testing but requiring us to grant a superuser privilege, is insane.
It is more reasonable to ask the PostgreSQL group to add a â€œcreate temporarily databaseâ€ non-superuser privilege than using this module.
10 out of 10 found this review helpful. Was this review helpful to you? Yes No
This module has poor security that can be avoided. It makes system calls from the user input without any validation:
`createdb $db_name >& /dev/null`;
The same thing could accomplished easily without using a system call. ("CREATE DATABASE" can issued from within DBI and has a chance of being portable).
6 out of 6 found this review helpful. Was this review helpful to you? Yes No
This module doesn't provide options to specify what database one wants: only Postgres is used, so if one doesn't have DBD::Pg, one cannot use it.
What does creating a temporary database have to do with Testing? It should be called something like DB::Temp.
The abstract/author sections of the Makefile.PL are not updated, and the requirement for DBD::Pg is not specified in the Makefile.PL. Nor has Changes been updated.
5 out of 5 found this review helpful. Was this review helpful to you? Yes No
1 hidden unhelpful review