I don't see much point of using -T on stuff like interactive clients, Tk or not. After all, if the user is going to try to mess with the client, all he can do is screw himself. I make it a point to use it for the server end though, whether it's a CGI script, daemon, Win32 service, or whatnot.
That's not to say that a client program shouldn't be doing any kind of error checking. It should, to some extent. But the server shouldn't depend on that at all, and it should thoroughly check all input in minute detail (which is where taint mode helps out a bit, though it's not 100% foolproof).
Basically, it comes down to this: any code running on a machine which you don't control is code that you can't depend on in terms of security. | [reply] |
After all, if the user is going to try to mess with the client, all he can do is screw himself.
Even it's result of bad input, (perhaps especially if ...) it will be in the user's mind "the program's fault" -- "the program trashed my disk/registry/irreplacable data file/..." and you'll be the one who gets bad-mouthed.
If *, (), rm -rf /, ;"@{unlink <*>}" aren't valid in filenames, then don't let them be there. And having Perl cover your a** takes only one extra char!
| [reply] |
And having Perl cover your a** takes only one extra char!
No, that's a myth. Sure, it takes one (or rather two) characters to turn on taint checking. But turning on -T doesn't mean Perl validates data for you! You still need to write the validating code (and detaining) code. And that takes more than one character.
| [reply] |