Re: To taint or not to taint?


Clear questions and runnable code get the best and fastest answer
	PerlMonks

Re: To taint or not to taint?

by moritz (Cardinal)

on Mar 19, 2009 at 13:39 UTC ( [id://751714]=note: print w/replies, xml )

Need Help??

in reply to To taint or not to taint?

As always "it depends".

When I write short do-one-task-once scripts I don't bother with tainting.

When I write CGI scripts I'm paranoid and enable taint checking, and it's not much of a hassle since my applications typically only talk to the database.

If I have to call external programs from CGI scripts my paranoia is even bigger, and I verify all parameter from the outside anyway (with regexes and white listing hashes), so it doesn't cause me any trouble.

In fact two years ago I enabled taint checking for a collection of CGI scripts, and needed only one minor modification.

So my answer is "yes, where appropriate".

Comment on Re: To taint or not to taint?

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://751714]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others examining the Monastery: (8)

As of 2024-04-25 11:34 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found