There's more than one way to do things | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
As always "it depends".
When I write short do-one-task-once scripts I don't bother with tainting. When I write CGI scripts I'm paranoid and enable taint checking, and it's not much of a hassle since my applications typically only talk to the database. If I have to call external programs from CGI scripts my paranoia is even bigger, and I verify all parameter from the outside anyway (with regexes and white listing hashes), so it doesn't cause me any trouble. In fact two years ago I enabled taint checking for a collection of CGI scripts, and needed only one minor modification. So my answer is "yes, where appropriate". In reply to Re: To taint or not to taint?
by moritz
|
|