
Re^4: One true regexp for untainting windows filenames?

by jaldhar (Vicar)
on Jan 09, 2009 at 19:42 UTC ( #735283=note )


in reply to Re^3: One true regexp for untainting windows filenames?
in thread One true regexp for untainting windows filenames?

To make them safe for what? For most applications, untaint_path might remove the taint flag, but it doesn't make sure they're safe first.

Safe to use in qx//; in taint mode. Earlier, I set $ENV{PATH} to q{}. This means I need to use complete paths to every file or command I use, and they need to be untainted to prevent the 'insecure dependency' error.

I had forgotten about argv[0]. Now you have led me to realize that running under -T will not really be buying me anything here without additional checking.

Hopefully this conversation will remind others to not complacently assume untainted eq secure if nothing else.

--
જલધર

Replies are listed 'Best First'.
Re^5: One true regexp for untainting windows filenames?
by ikegami (Pope) on Jan 09, 2009 at 19:59 UTC

    Safe to use in qx//; in taint mode

    In such general terms, it's impossible. You can make it so qx// doesn't croak, but you can't make it safe. Need more info.
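
An added illustration of the point made in this thread (not code from any of the posters): a regexp capture clears the taint flag whatever it matched, so the check has to live in the pattern itself. It assumes one narrow meaning of "safe", namely a path below a single base directory built only from allowlisted characters; `$BASE`, the function names and the sample paths are hypothetical and constructed for the example.

```perl
# Added example. Run with: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

$ENV{PATH} = q{};    # as in the post: every command then needs a full path

# Hypothetical policy: files must live under this directory.
my $BASE = 'C:\\data\\reports';

# Blanket untaint: the capture clears the taint flag whatever the content is.
sub untaint_blindly {
    my ($path) = @_;
    return $path =~ /\A(.*)\z/s ? $1 : undef;
}

# Allowlist untaint: each component is letters, digits, '_', '-' or '.',
# starts with a letter or digit and does not end with a dot, so "..",
# spaces and cmd.exe metacharacters (& | < > ^ % ") can never match.
sub untaint_report_path {
    my ($path) = @_;
    my $name = qr/[A-Za-z0-9](?:[A-Za-z0-9_.-]*[A-Za-z0-9_-])?/;
    return unless $path =~ /\A(\Q$BASE\E(?:\\$name)+)\z/;
    my $clean = $1;
    # Reject reserved DOS device names (NUL, COM1, ...), with or without extension.
    return if grep { /\A(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?:\.|\z)/i }
              split /\\/, $clean;
    return $clean;
}

# Constructed sample inputs, tainted the way external input is under -T.
my $taint   = substr(join(q{}, values %ENV), 0, 0);
my @samples = map { $_ . $taint } (
    'C:\\data\\reports\\2009\\jan.txt',
    'C:\\data\\reports\\..\\..\\boot.ini',
    'C:\\data\\reports\\a.txt & echo x',
    'C:\\data\\reports\\nul.txt',
);

for my $in (@samples) {
    my $blind  = untaint_blindly($in);
    my $strict = untaint_report_path($in);
    printf "%-40s tainted=%d blind=%s strict=%s\n", $in, tainted($in) ? 1 : 0,
        defined $blind && !tainted($blind) ? 'accepted' : 'rejected',
        defined $strict ? 'accepted' : 'rejected';
}
```

Clearing the taint flag is the same operation in both functions; only the pattern in front of the capture decides whether anything was checked, and that pattern encodes one policy rather than a general definition of safe.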
