PerlMonks  

Re: Why use taint

by theguvnor (Chaplain)
on Mar 10, 2002 at 01:19 UTC


in reply to Why use taint
in thread Errors in my (simple?) CGI Script!

I'm not sure why you are asserting that all parameters must specifically be untainted. I would tend to agree with Juerd that unless you're using it in a system call, it doesn't pose a security problem. (theguvnor would welcome any enlightenment to the contrary).

On the other hand, I don't understand Juerd's assertion that Perl's tainting is such a problem.

  1. You don't have to run -T if you don't want.
  2. Even when you use it, you only have to untaint those variables that you want to use in system calls.

So I don't know why Juerd is so down on Perl's tainting mechanism...

..Guv
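
An added illustration of the behaviour discussed in the post above; it is not code from the thread. It shows, under `-T`, tainted data being printed freely, refused by `system`, and accepted only after a regex-capture untaint. The sample inputs, the `untaint_filename` helper and its allow-list pattern are constructed for this example.

```perl
#!/usr/bin/perl -T
# Added illustration, not code from the thread. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;   # keep our output in order with the child process's output

# Taint mode also distrusts the inherited environment before running commands.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Zero-length tainted string; appending it marks a constructed sample value
# as tainted, the same flag a real CGI parameter would carry under -T.
my $TAINT = substr($^X, 0, 0);

# Hypothetical helper: untaint by allow-list. Only a regex capture clears
# the flag, so the pattern is the actual security decision.
sub untaint_filename {
    my ($value) = @_;
    return $value =~ /\A([A-Za-z0-9_.-]{1,64})\z/ ? $1 : undef;
}

for my $raw ('notes.txt', 'notes.txt;echo injected') {   # constructed inputs
    my $param = $raw . $TAINT;
    print "\ninput: $param (tainted: ", (tainted($param) ? 'yes' : 'no'), ")\n";

    # Printing tainted data is not checked; handing it to a command is.
    my $ran = eval { system('echo', 'direct:', $param); 1 };
    print "system() refused: $@" unless $ran;

    my $clean = untaint_filename($param);
    if (defined $clean) {
        system('echo', 'untainted:', $clean);
    } else {
        print "rejected by allow-list, never reaches system()\n";
    }
}
```
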

Replies are listed 'Best First'.
Re: Re: Why use taint
by simon.proctor (Vicar) on Mar 10, 2002 at 16:11 UTC
    I think in fairness I was neither asserting nor insisting someone use taint. Rather I was expressing that it could be used and voicing a personal opinion that it should. If it wasn't clear enough that it was a matter of opinion only, then apologies for any confusion caused.
