in reply to Security techniques every programmer should know
Instead of blacklisting with

    $string =~ tr/\x00-\x09\x0b\x0c\x0e-\x1f//d;

one should whitelist, allowing certain characters and forbidding the rest:

    # the + is needed so the whole string is matched, not just a single character
    if ($string =~ m/^([a-zA-Z0-9_]+)$/) { my $safeString = $1; ### also untainted now }

Edit: Ok you say that in the Taint part, but I would add it to the "Null bytes are scary" part.
In Section Meditations
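The whitelist-versus-blacklist point above, as an added example that is not part of the original post or thread: both approaches are run over constructed inputs containing a NUL byte, a trailing newline and path characters. The function and sample names are assumptions; note that `\A` and `\z` are used in the whitelist instead of `^` and `$`, because `$` also matches before a trailing newline.

```perl
#!/usr/bin/perl
# Added example: blacklist (strip control bytes) versus whitelist (accept only
# known-good characters). Run as `perl -T example.pl` to see that the capture
# group result in the whitelist branch is untainted while the blacklist result
# is not.
use strict;
use warnings;

# Blacklist: delete control bytes (the post's tr/// line) and return the rest.
# Anything not in the deleted ranges, e.g. "../", survives untouched.
sub blacklist_strip {
    my ($input) = @_;
    (my $copy = $input) =~ tr/\x00-\x09\x0b\x0c\x0e-\x1f//d;
    return $copy;
}

# Whitelist: return the value only if every character is allowed, else undef.
# \A and \z anchor the whole string; with ^ and $, "name\n" would still match.
sub whitelist_identifier {
    my ($input) = @_;
    return undef unless defined $input;
    return $1 if $input =~ m/\A([a-zA-Z0-9_]+)\z/;   # $1 is untainted under -T
    return undef;
}

# Constructed samples standing in for untrusted input.
my @samples = (
    "report_2024",      # clean identifier
    "report\x00.txt",   # embedded NUL
    "report\n",         # trailing newline
    "../etc/passwd",    # path characters, no control bytes at all
    "",                 # empty
);

for my $s (@samples) {
    (my $shown = $s) =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    my $bl = blacklist_strip($s);
    (my $bl_shown = $bl) =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    my $wl = whitelist_identifier($s);
    printf "%-18s blacklist -> %-16s whitelist -> %s\n",
        qq("$shown"), qq("$bl_shown"), defined $wl ? qq("$wl") : 'rejected';
}
```

The blacklist turns "report\x00.txt" into "report.txt" and passes "../etc/passwd" through unchanged, while the whitelist accepts only "report_2024".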