in reply to Why use taint
in thread Errors in my (simple?) CGI Script!
I'm not sure why you are asserting that all parameters must specifically be untainted. I would tend to agree with Juerd that unless you're using it in a system call, it doesn't pose a security problem. (theguvnor would welcome any enlightenment to the contrary).
On the other hand, I don't understand Juerd's assertion that Perl's tainting is such a problem.
- You don't have to run -T if you don't want.
- Even when you use it, you only have to untaint those variables that you want to use in system calls.
So I don't know why Juerd is so down on Perl's tainting mechanism...
..Guv
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Re: Why use taint
by simon.proctor (Vicar) on Mar 10, 2002 at 16:11 UTC | |
A reply falls below the community's threshold of quality. You may see it by logging in. |
In Section
Seekers of Perl Wisdom