PerlMonks  

Re: To taint or not to taint?

by moritz (Cardinal)
on Mar 19, 2009 at 13:39 UTC (#751714)


in reply to To taint or not to taint?

As always "it depends".

When I write short do-one-task-once scripts I don't bother with tainting.

When I write CGI scripts I'm paranoid and enable taint checking, and it's not much of a hassle since my applications typically only talk to the database.

If I have to call external programs from CGI scripts my paranoia is even bigger, and I verify all parameters from the outside anyway (with regexes and white listing hashes), so it doesn't cause me any trouble.

In fact two years ago I enabled taint checking for a collection of CGI scripts, and needed only one minor modification.

So my answer is "yes, where appropriate".
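
An added example, not part of moritz's post: a sketch of the approach described above (taint mode, regex validation, an allow-list hash, then an external program call). The parameter names `report` and `days`, the report names, and the use of `/bin/echo` as the external program are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode will not run external programs until the environment is cleaned.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Allow-list hash (hypothetical report names): anything else is rejected.
my %ALLOWED_REPORT = map { ($_ => 1) } qw(daily weekly monthly);

# Return an untainted copy of $value if the whole string matches, else undef.
# Only a regex capture clears the taint flag, so the pattern must be strict.
sub untaint {
    my ($value, $pattern) = @_;
    return undef unless defined $value && $value =~ /\A($pattern)\z/;
    return $1;
}

# Validate both parameters; returns (report, days) or an empty list.
sub validate_request {
    my (%param) = @_;
    my $report = untaint($param{report}, qr/[a-z]+/);
    my $days   = untaint($param{days},   qr/[0-9]{1,3}/);
    return unless defined $report && $ALLOWED_REPORT{$report};
    return unless defined $days && $days >= 1 && $days <= 365;
    return ($report, $days);
}

# Constructed sample input. Appending a zero-length tainted string marks each
# value as tainted, the way real CGI parameters would be under -T.
my $TAINT = substr("$0$^X", 0, 0);
my @requests = (
    { report => 'weekly',     days => '7'    },
    { report => 'weekly; id', days => '7'    },   # shell metacharacters
    { report => 'yearly',     days => '7'    },   # well-formed, not allow-listed
    { report => 'daily',      days => "30\n" },   # trailing newline, caught by \z
);

for my $i (0 .. $#requests) {
    my %param = map { ($_ => $requests[$i]{$_} . $TAINT) } keys %{ $requests[$i] };
    my ($report, $days) = validate_request(%param);
    unless (defined $report) { print "request $i rejected\n"; next }
    printf "request %d accepted: %s/%s (tainted: %s)\n", $i, $report, $days,
        tainted($report) || tainted($days) ? 'yes' : 'no';
    # List form: no shell is involved, and -T dies here on any tainted argument.
    system('/bin/echo', 'would run report', $report, $days) == 0
        or warn "external command failed: $?\n";
}
```

Run it as `perl -T script.pl`; Perl refuses to start if `-T` appears only on the `#!` line when the script is invoked through `perl` explicitly.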
