Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re: Taint checking?

by jethro (Monsignor)
on Jul 01, 2009 at 16:25 UTC ( [id://776491]=note: print w/replies, xml ) Need Help??


in reply to Taint checking?

You can run perl in tainted mode, where any data a script gets from I/O is tainted (i.e. flagged as unsafe and potentially dangerous). This is for example useful with CGI-scripts.

Data can be untainted by filtering it with a regex. In that case perl assumes that you have filtered any dangerous parts and the extracted data is safe now

As the code you are presenting does no real effort to filter anything the author was either absolutely sure that $command_str came from somewhere safe or he couldn't be bothered with security

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://776491]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others learning in the Monastery: (6)
As of 2024-04-23 22:45 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found