http://www.perlmonks.org?node_id=703009


in reply to Turning on Taint in mod_perl after compile time or in specific packages only?

<Superhero> This looks like a job for Taint::Runtime </Superhero>

Update: I should've been more specific. You should use prefork rather than worker. If you use worker, then yes, you will have to deal with a single thread and you can't do much. In a prefork model, every forked interpreter will only deal with one request at a time. The code to handle this with Taint::Runtime would then be:

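    use Taint::Runtime qw($TAINT taint_env taint_deep);

    sub my_handler {
        local $TAINT = 1;            # taint mode on for the duration of this call
        taint_env();                 # mark the existing %ENV as tainted
        taint_deep(\%other_items);   # recursively taint data set up before the handler
        ...
    }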


The Taint::Runtime documentation goes into detail about why it is a bad idea to do runtime tainting. But just because it is bad in general cases doesn't mean it is bad in thoroughly covered cases. The big danger is making sure data streams that were set up prior to the handler invocation are properly tainted.

my @a=qw(random brilliant braindead); print $a[rand(@a)];
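An added example, not part of the original post: it follows the handler pattern above and checks the danger mentioned there, that data loaded before the handler ran carries no taint flag until `taint_deep` marks it. The `%preloaded` sample data, the `safe_filename` helper and the handler's argument are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Taint::Runtime qw($TAINT taint_env taint_deep is_tainted);

# Constructed sample: data loaded before the handler runs, while taint
# mode was still off, so Perl never flagged it as tainted.
my %preloaded = (
    user  => 'alice',
    files => [ 'report.txt', '../../etc/passwd' ],
);

# Hypothetical validator: accept only a plain file name. Returning the
# regex capture ($1) is what clears the taint flag on an accepted value.
sub safe_filename {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]*)\z/ ? $1 : undef;
}

# Hypothetical handler following the pattern in the post.
sub my_handler {
    my ($items) = @_;
    local $TAINT = 1;       # taint mode on for this call only
    taint_env();            # %ENV was populated while taint was off

    # Check the pre-existing data before and after marking it.
    my $before = is_tainted($items->{files}[0]) ? 1 : 0;
    taint_deep($items);     # recursively mark the pre-existing data
    my $after  = is_tainted($items->{files}[0]) ? 1 : 0;

    # Only values that pass validation leave the handler, untainted.
    my @accepted = grep { defined } map { safe_filename($_) } @{ $items->{files} };
    my $still_tainted = grep { is_tainted($_) } @accepted;

    return {
        before        => $before,
        after         => $after,
        accepted      => \@accepted,
        still_tainted => $still_tainted,
    };
}

my $r = my_handler(\%preloaded);
printf "tainted before taint_deep: %d, after: %d\n", $r->{before}, $r->{after};
printf "accepted: %s (still tainted: %d)\n",
    join(', ', @{ $r->{accepted} }), $r->{still_tainted};
```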