Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

Re: Do I really need to untaint from YAML::Tiny file?

by spazm (Monk)
on Mar 13, 2010 at 21:08 UTC ( #828479=note: print w/replies, xml ) Need Help??

in reply to Do I really need to untaint from YAML::Tiny file?

In both cases you should be manually checking and untainting the data. Taint mode is there for your and your users' protection.

in your example code, you probably want to constrain the allowed paths to place where writing your file won't fubar anything. Or maybe you're happy with users writing files anywhere if privs are elevated. In that case you should make that decision explicit with a fake taint avoidance like in your example code m/(.)/ .

my $.02

  • Comment on Re: Do I really need to untaint from YAML::Tiny file?

Replies are listed 'Best First'.
Re^2: Do I really need to untaint from YAML::Tiny file?
by proggerguy (Initiate) on Mar 13, 2010 at 21:26 UTC
    Thanks for the reply. I appreciate your two cents! I am used to checking everything coming from CGI ...

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://828479]
[Corion]: I think I'm overdesigning things again. I want to export(later, synchronize) data from Google Keep, by scraping the HTML. And I'm thinking of automating this by having a canary note whose text my program knows and from which it can determine the ...
[Corion]: ... surrounding HTML to scrape all the other notes. Maybe I should better look at dumping all the requests that pass between Google and my "browser" instead.
[choroba]: The older one will even perform twice, once at a retirement home, and then at the music school. It's a day off, but will be pretty busy...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (5)
As of 2017-12-12 08:55 GMT
Find Nodes?
    Voting Booth?
    What programming language do you hate the most?

    Results (327 votes). Check out past polls.