radiantmatrix has asked for the wisdom of the Perl Monks concerning the following question:
IIS doesn't respect the #! line, so one would normally have to edit the association for Perl CGI to all run in taint mode (using the -T switch). However, this can break other people's code. Thanks to diotalevi, there is a way to turn on Taint checking for one particular script, at a slight performance cost:
Placed as the very first line in the script (even before you 'use' anything), this will re-call the Perl interpreter on one's script, and even preserves the CGI parameters in the process. There is a small hit on speed, as the interpreter loads twice, but the hit is better than running without tainting.BEGIN { unless ( ${^TAINT} ) { exec $^X, '-T', $0 } }
Of course, the real solution is to use a better-equipped web server; but as that's not always an option...
Originally posted as a Categorized Question.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: How do I get scripts to run with Taint mode on IIS?
by legato (Monk) on Jan 13, 2005 at 19:00 UTC | |
Re: How do I get scripts to run with Taint mode on IIS?
by Ovid (Cardinal) on Jan 12, 2005 at 21:48 UTC | |
Re: How do I get scripts to run with Taint mode on IIS?
by gellyfish (Monsignor) on Jan 14, 2005 at 09:48 UTC | |
Re: How do I get scripts to run with Taint mode on IIS?
by sithsasquatch (Scribe) on Jul 13, 2005 at 22:57 UTC | |
Re: How do I get scripts to run with Taint mode on IIS?
by saskaqueer (Friar) on Jan 14, 2005 at 19:25 UTC | |
by legato (Monk) on Jan 18, 2005 at 15:09 UTC |
Back to
Seekers of Perl Wisdom