Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re: Do I really need to untaint from YAML::Tiny file?

by spazm (Monk)
on Mar 13, 2010 at 21:08 UTC ( #828479=note: print w/replies, xml ) Need Help??


in reply to Do I really need to untaint from YAML::Tiny file?

In both cases you should be manually checking and untainting the data. Taint mode is there for your and your users' protection.

in your example code, you probably want to constrain the allowed paths to place where writing your file won't fubar anything. Or maybe you're happy with users writing files anywhere if privs are elevated. In that case you should make that decision explicit with a fake taint avoidance like in your example code m/(.)/ .

my $.02

  • Comment on Re: Do I really need to untaint from YAML::Tiny file?

Replies are listed 'Best First'.
Re^2: Do I really need to untaint from YAML::Tiny file?
by proggerguy (Initiate) on Mar 13, 2010 at 21:26 UTC
    Thanks for the reply. I appreciate your two cents! I am used to checking everything coming from CGI ...

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://828479]
help
Chatterbox?
[ikegami]: That should be ${ $hash{$key} }[$_] because it's $a[$_] when you don't use a ref.
[oiskuu]: James, that's an array slice you have there (over some hash value)
[ikegami]: Mini-Tutorial: Dereferencing Syntax

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (7)
As of 2017-04-27 19:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I'm a fool:











    Results (512 votes). Check out past polls.