in reply to Re: Inline.pm and untainting
in thread Inline.pm and untainting
UNTAINT
You must use this option whenever you use Perl's -T switch, for taint checking. This option tells Inline to blindly untaint all tainted variables. It also turns on SAFEMODE by default. (...)
SAFEMODE
Perform extra safety checking, in an attempt to thwart malicious code. This option cannot guarantee security, but it does turn on all the currently implemented checks.
There is a slight startup penalty by using SAFEMODE. Also, using UNTAINT automatically turns this option on. If you need your code to start faster under -T (taint) checking, you'll need to turn this option off manually. Only do this if you are not worried about security risks.
So you probably should not look at this code in isolation but together with the whole set-up of Inline. I agree it is strange that in order to be able to run Inline in taint mode you have to globally untaint all your environment variables.
CountZero
"A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James
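
The difference between blindly untainting a value and untainting it through a validating pattern, as an added example that is not part of the post above and is not Inline's own code. The helper names, the PATH policy pattern and the two sample values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example. Run with: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Blind untainting: the capture launders any value, whatever it contains.
sub blind_untaint {
    my ($value) = @_;
    my ($clean) = $value =~ /\A(.*)\z/s;
    return $clean;
}

# Validated untainting: the value is released only if it matches an
# allow-list pattern; otherwise undef is returned and the caller must refuse it.
sub checked_untaint {
    my ($value, $pattern) = @_;
    my ($clean) = $value =~ /\A($pattern)\z/;
    return $clean;
}

# Colon-separated absolute directories only (hypothetical policy for PATH).
my $abs_path_list = qr{(?:/[\w-]+)+(?::(?:/[\w-]+)+)*};

# Constructed samples. Appending a zero-length tainted string ($^X is tainted
# under -T) makes each one behave like data that arrived from the environment.
my $taint   = substr($^X, 0, 0);
my @samples = map { $_ . $taint } ('/usr/bin:/bin', '.:/usr/bin');

for my $value (@samples) {
    my $blind   = blind_untaint($value);
    my $checked = checked_untaint($value, $abs_path_list);
    printf "%-16s tainted=%d  blind: accepted (tainted=%d)  checked: %s\n",
        "'$value'",
        tainted($value) ? 1 : 0,
        tainted($blind) ? 1 : 0,
        defined $checked ? 'accepted' : 'rejected';
}
```

The blind version hands back both samples as untainted, including the PATH with a relative entry, while the checked version releases only the value that satisfies the pattern.
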
Re^3: Inline.pm and untainting
by ELISHEVA (Prior) on Jul 28, 2009 at 14:10 UTC
by syphilis (Archbishop) on Jul 28, 2009 at 23:45 UTC
by ELISHEVA (Prior) on Jul 29, 2009 at 06:32 UTC
by syphilis (Archbishop) on Jul 30, 2009 at 09:28 UTC