Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re: Homegrown Pseudo-Tainting

by MZSanford (Curate)
on Mar 15, 2002 at 09:33 UTC ( #151943=note: print w/ replies, xml ) Need Help??


in reply to Homegrown Pseudo-Tainting

    I agree with dws,Juerd and grep, if you are writting code that is Taint-safe, then the <cod>-T</code> is just to keep you in check. I understand from your reply to dws that you are looking for things other monks have used when working with Tainted data, and i just wanted to say that i am a huge believer in the list versions of system() and exec(), and even feel a need to shamelessly promote this node about the diffrence.
    Other than that, if you know your data, you will know your un-taint-o-rator. If you are using things like $bad_data =~ m/^(.*)$/; $bad_data=$1, then you have missed what tainting is about. I shy away from catch-all un-tainting, but, if you are looking for common idioms, i only usually use things like \d+ and such, though, i don't do much CGI, so i don't have the largest frame of reference :/.

just my €0.02


from the frivolous to the serious


Comment on Re: Homegrown Pseudo-Tainting
Select or Download Code

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://151943]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others scrutinizing the Monastery: (4)
As of 2014-09-19 04:15 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (129 votes), past polls