PerlMonks  

Re: Proposed change regarding "Taint" support

by hippo (Bishop)
on Aug 13, 2021 at 13:24 UTC (#11135812)


in reply to Proposed change regarding "Taint" support

Are there people here who would refuse to use a perl that was built without taint checking capability ?

There is at least one! Probably 80% of the Perl I write is either public-facing or at least untrusted-user-facing and therefore I use taint mode a lot and am extremely grateful for its demonstrable bacon-saving properties. Without it, perl would become much more dangerous with the upshot that it would either require some sort of front-end or wrapper which would perform the same task (tricky) or else $WORK would have to start looking at alternative languages. The latter would be a body blow as Perl is by far the best language in the toolbox.

I can see the attraction to TPTB given that they might not have much/any use for taint mode themselves but to excise such a fundamentally important part of the system just for a speed gain seems like throwing the baby out with the bathwater. And if you, dear reader, feel that it would be no great loss then take care because next time it might well be your favourite feature which is to be deleted. I can only hope that sense prevails.


🦛

Re^2: Proposed change regarding "Taint" support
by syphilis (Archbishop) on Aug 13, 2021 at 13:56 UTC
    ... but to excise such a fundamentally important part of the system just for a speed gain seems like throwing the baby out with the bathwater

    In that thread, Tomasz Konojacki has referred to that "fundamentally important part of the system" as a "misfeature" that he would like to see "completely removed".
    So far, that assessment has not been questioned. Maybe it's in your best interests to let it be known that not everyone shares that view ?
    (If people don't tell 'em, they won't know ;-)

    Mind you, I don't think they would do anything so bold as to have it "completely removed", so you probably don't have to worry too much about that.
    Nevertheless, would you be content to live with the heightened possibility that perls built without taint checking capability existed ?

    Cheers,
    Rob

      Not sure about "content" but certainly less miffed. I'm content that PHP exists just so long as I don't have to have anything to do with it. :-)

      Tomasz Konojacki has referred to that "fundamentally important part of the system" as a "misfeature" that he would like to see "completely removed".

      I notice that Tomasz gives neither evidence nor rationale for this "misfeature" claim. Given your recall of Larry's view I am quite happy to be in his camp rather than in Tomasz's.


      🦛

        > in his camp

        So far, Larry's camp is not represented in the p5p discussion. It shouldn't make you happy.

        map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
