Re: To taint or not to taint?

by moritz (Cardinal)
on Mar 19, 2009 at 13:39 UTC (#751714)


in reply to To taint or not to taint?

As always "it depends".

When I write short do-one-task-once scripts I don't bother with tainting.

When I write CGI scripts I'm paranoid and enable taint checking, and it's not much of a hassle since my applications typically only talk to the database.

If I have to call external programs from CGI scripts my paranoia is even bigger, and I verify all parameters from the outside anyway (with regexes and whitelisting hashes), so it doesn't cause me any trouble.

In fact two years ago I enabled taint checking for a collection of CGI scripts, and needed only one minor modification.

So my answer is "yes, where appropriate".
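
The validation pattern mentioned in the post above (regexes and whitelisting hashes under taint mode, before calling an external program), as an added example that is not part of the original post. The report names, the `/var/log/myapp` directory and the helper names are hypothetical; command-line arguments stand in for CGI parameters, since both are tainted under `-T`.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T report.pl daily 20
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run programs until PATH is set to a known value.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Whitelisting hash: outside value => fixed string we wrote ourselves.
# (Hypothetical report names and files.)
my %REPORT_FILE = (
    daily  => 'daily.log',
    weekly => 'weekly.log',
);

# Returns the trusted file name, or undef if the value is not on the list.
# Hash keys are never tainted, so the stored value comes back clean.
sub check_report {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $REPORT_FILE{$raw};
}

# Regex untainting: only a capture group yields an untainted copy.
# \A and \z anchor the whole string; '$' would accept a trailing newline.
sub check_count {
    my ($raw) = @_;
    return undef unless defined $raw && $raw =~ /\A([1-9][0-9]{0,2})\z/;
    return $1;
}

# Stand-ins for CGI parameters (tainted under -T).
my ($report_raw, $count_raw) = @ARGV;

my $file  = check_report($report_raw);
my $count = check_count($count_raw);
die "rejected input\n" unless defined $file && defined $count;

printf "count tainted before: %d, after: %d\n",
    tainted($count_raw) ? 1 : 0, tainted($count) ? 1 : 0;

# List form of system: no shell is involved, each argument is passed as-is.
system('/usr/bin/tail', '-n', $count, '--', "/var/log/myapp/$file") == 0
    or die "tail failed: $?\n";
```

Passing `$count_raw` or `$report_raw` straight to `system` instead makes Perl abort with an "Insecure dependency" error, which is the check taint mode provides.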

