Re: Turning on Taint in mod_perl after compile time or in specific packages only?

in reply to Turning on Taint in mod_perl after compile time or in specific packages only?

<Superhero> This looks like a job for Taint::Runtime </Superhero>

Update: I should've been more specific. You should use prefork rather than worker. If you use worker, then yes, you will have to deal with a single thread and you can't do much. In a prefork model - every forked interpreter will only deal with one request at a time. The code then to handle this with Taint::Runtime would be:

    use Taint::Runtime qw($TAINT taint_env taint_deep);

    sub my_handler {
         local $TAINT = 1;
         taint_env();
         taint_deep(\%other_items);

         ... 
    }
[download]

Taint::Runtime documentation goes into detail about why it is a bad idea to do runtime tainting. But just because it is bad in general cases doesn't mean it is bad in thoroughly covered cases. The big danger is making sure data streams that were set up prior to the handler invocation are properly tainted.

my @a=qw(random brilliant braindead); print $a[rand(@a)];

Comment on Re: Turning on Taint in mod_perl after compile time or in specific packages only? Download Code
Re^2: Turning on Taint in mod_perl after compile time or in specific packages only? by Bloodnok (Vicar) on Aug 08, 2008 at 10:16 UTC
... not sure which I like the most - the answer or your sig :-)) A user level that continues to overstate my experience :-))	[reply]


good chemistry is complicated, and a little bit messy -LW
	PerlMonks

Re: Turning on Taint in mod_perl after compile time or in specific packages only?

How many continents have you visited?