Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re: To taint or not to taint?

by moritz (Cardinal)
on Mar 19, 2009 at 13:39 UTC ( #751714=note: print w/ replies, xml ) Need Help??


in reply to To taint or not to taint?

As always "it depends".

When I write short do-one-task-once scripts I don't bother with tainting.

When I write CGI scripts I'm paranoid and enable taint checking, and it's not much of a hassle since my applications typically only talk to the database.

If I have to call external programs from CGI scripts my paranoia is even bigger, and I verify all parameter from the outside anyway (with regexes and white listing hashes), so it doesn't cause me any trouble.

In fact two years ago I enabled taint checking for a collection of CGI scripts, and needed only one minor modification.

So my answer is "yes, where appropriate".


Comment on Re: To taint or not to taint?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://751714]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (15)
As of 2014-10-21 10:53 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    For retirement, I am banking on:










    Results (100 votes), past polls