Beefy Boxes and Bandwidth Generously Provided by pair Networks Bob
Perl: the Markov chain saw
 
PerlMonks  

Re: Do I really need to untaint from YAML::Tiny file?

by spazm (Monk)
on Mar 13, 2010 at 21:08 UTC ( #828479=note: print w/ replies, xml ) Need Help??


in reply to Do I really need to untaint from YAML::Tiny file?

In both cases you should be manually checking and untainting the data. Taint mode is there for your and your users' protection.

in your example code, you probably want to constrain the allowed paths to place where writing your file won't fubar anything. Or maybe you're happy with users writing files anywhere if privs are elevated. In that case you should make that decision explicit with a fake taint avoidance like in your example code m/(.)/ .

my $.02


Comment on Re: Do I really need to untaint from YAML::Tiny file?
Re^2: Do I really need to untaint from YAML::Tiny file?
by proggerguy (Initiate) on Mar 13, 2010 at 21:26 UTC
    Thanks for the reply. I appreciate your two cents! I am used to checking everything coming from CGI ...

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://828479]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (15)
As of 2014-04-21 15:34 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (495 votes), past polls