Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Re: Proposed change regarding "Taint" support

by haj (Priest)
on Aug 13, 2021 at 16:21 UTC ( #11135827=note: print w/replies, xml ) Need Help??

in reply to Proposed change regarding "Taint" support

Out of a habit, I run scripts under taint mode... if the CPAN dependencies permit it. I also more or less regularly run my unit tests under taint mode, and make sure my own stuff is taint-proof.

However, I think Neil has a point with his P5P message. Taint mode was useful in the olden days, where everything (including server stuff) happened on a few Unix hosts and people shared their scripts and used other people's scripts freely because that was just convenient.

Taint mode helps against a certain class of things which might turn out insecure, but today's attackers have found easier targets, and taint mode has always produced its share of false positives. If it goes away, I'll miss it, but only a bit.

  • Comment on Re: Proposed change regarding "Taint" support

Replies are listed 'Best First'.
Re^2: Proposed change regarding "Taint" support
by mr_mischief (Monsignor) on Aug 13, 2021 at 20:49 UTC

    It might be nice to have a tool that is Perl with a taint mode or something like it left in for development and testing. The main language could have it completely gone so there's no performance penalty. Unfortunately if done just that way it's likely to rot. A completely separate analysis tool may be a better bet.

      I was about to recommend Ruby, but after a google search found out that Ruby has also removed taint checking mechanism in 2020. So that's that.

        I also use Ruby some, but usually not for the same projects as Perl. It wouldn't help much to use Ruby to check for proper input sanity in Perl code over using any other language for doing that. Using Ruby over Perl in general isn't a very useful pitch.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11135827]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (1)
As of 2022-01-29 14:35 GMT
Find Nodes?
    Voting Booth?
    In 2022, my preferred method to securely store passwords is:

    Results (74 votes). Check out past polls.