Test-TempDatabase reviews

RSS | Module Info

Test-TempDatabase (0.12) *

Test-TempDatabase is dangerous. It is a test module but requires PostgreSQL superuser privilege. Running potentially-may-have-bug test suites with superuser privilege is out of mind.

This is especially true for us CPAN testers. We CPAN testers run tests for tens of unknown modules per day from all over the world. Not knowing what module we are testing but requiring us to grant a superuser privilege, is insane.

It is more reasonable to ask the PostgreSQL group to add a “create temporarily database” non-superuser privilege than using this module.

Test-TempDatabase (0.02) *

This module has poor security that can be avoided. It makes system calls from the user input without any validation:

`createdb $db_name >& /dev/null`;

The same thing could accomplished easily without using a system call. ("CREATE DATABASE" can issued from within DBI and has a chance of being portable).

Test-TempDatabase (0.02) *

This module doesn't provide options to specify what database one wants: only Postgres is used, so if one doesn't have DBD::Pg, one cannot use it.

What does creating a temporary database have to do with Testing? It should be called something like DB::Temp.

The abstract/author sections of the Makefile.PL are not updated, and the requirement for DBD::Pg is not specified in the Makefile.PL. Nor has Changes been updated.

1 hidden unhelpful review