Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Re: Do I really need to untaint from YAML::Tiny file?

by spazm (Monk)
on Mar 13, 2010 at 21:08 UTC ( #828479=note: print w/ replies, xml ) Need Help??


in reply to Do I really need to untaint from YAML::Tiny file?

In both cases you should be manually checking and untainting the data. Taint mode is there for your and your users' protection.

in your example code, you probably want to constrain the allowed paths to place where writing your file won't fubar anything. Or maybe you're happy with users writing files anywhere if privs are elevated. In that case you should make that decision explicit with a fake taint avoidance like in your example code m/(.)/ .

my $.02


Comment on Re: Do I really need to untaint from YAML::Tiny file?
Re^2: Do I really need to untaint from YAML::Tiny file?
by proggerguy (Initiate) on Mar 13, 2010 at 21:26 UTC
    Thanks for the reply. I appreciate your two cents! I am used to checking everything coming from CGI ...

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://828479]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (13)
As of 2014-12-26 15:33 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (171 votes), past polls