Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re: Do I really need to untaint from YAML::Tiny file?

by spazm (Monk)
on Mar 13, 2010 at 21:08 UTC ( [id://828479]=note: print w/replies, xml ) Need Help??


in reply to Do I really need to untaint from YAML::Tiny file?

In both cases you should be manually checking and untainting the data. Taint mode is there for your and your users' protection.

in your example code, you probably want to constrain the allowed paths to place where writing your file won't fubar anything. Or maybe you're happy with users writing files anywhere if privs are elevated. In that case you should make that decision explicit with a fake taint avoidance like in your example code m/(.)/ .

my $.02

Replies are listed 'Best First'.
Re^2: Do I really need to untaint from YAML::Tiny file?
by proggerguy (Initiate) on Mar 13, 2010 at 21:26 UTC
    Thanks for the reply. I appreciate your two cents! I am used to checking everything coming from CGI ...

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://828479]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others sharing their wisdom with the Monastery: (2)
As of 2024-03-19 04:08 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found