Re: Why use taint

by theguvnor (Chaplain)
on Mar 10, 2002 at 01:19 UTC (#150637)

in reply to Why use taint
in thread Errors in my (simple?) CGI Script!

I'm not sure why you are asserting that all parameters must specifically be untainted. I would tend to agree with Juerd that unless you're using it in a system call, it doesn't pose a security problem. (theguvnor would welcome any enlightenment to the contrary).

On the other hand, I don't understand Juerd's assertion that Perl's tainting is such a problem.

  1. You don't have to run -T if you don't want.
  2. Even when you use it, you only have to untaint those variables that you want to use in system calls.

So I don't know why Juerd is so down on Perl's tainting mechanism...
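
As an added illustration of the mechanism discussed in this node (not code from any poster in the thread): a script run under `-T` that prints a tainted value freely, is stopped when the same value reaches `system`, and passes only after an allowlist regex capture. The sample values, the helper `untaint_name`, and the file name in the comment are constructed for this example.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_demo.pl   (taint_demo.pl is a hypothetical file name)
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;    # keep our output in order with the child process output

# Taint mode refuses to run external commands until the environment is clean.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed sample input. Appending a zero-length tainted string marks each
# value as tainted, the way a CGI parameter would be under -T.
my $TAINT  = substr($^X, 0, 0);
my @params = map { $_ . $TAINT } ('guest', 'guest;id');

# Untaint by capturing from an allowlist pattern; returns undef on no match.
sub untaint_name {
    my ($value) = @_;
    return $value =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

for my $param (@params) {
    # Printing tainted data is allowed; output is not a checked operation.
    printf "param '%s' tainted: %s\n", $param, tainted($param) ? 'yes' : 'no';

    # Handing the tainted value to a command dies before the command runs.
    my $ok = eval { system("echo hello $param"); 1 };
    print "  raw value in system(): ", ($ok ? "ran\n" : "blocked: $@");

    # Only a value captured from the allowlist match is considered clean.
    my $clean = untaint_name($param);
    if (defined $clean) {
        print "  untainted value in system(): ";
        system('echo', 'hello', $clean) == 0 or warn "echo failed: $?\n";
    }
    else {
        print "  rejected by allowlist, command not run\n";
    }
}
```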


Replies are listed 'Best First'.
Re: Re: Why use taint
by simon.proctor (Vicar) on Mar 10, 2002 at 16:11 UTC
    I think in fairness I was neither asserting nor insisting someone use taint. Rather I was expressing that it could be used and voicing a personal opinion that it should. If it wasn't clear enough that it was a matter of opinion only, then apologies for any confusion caused.
