|go ahead... be a heretic|
Re: •Re: Re^2: Untainting safely. (b0iler proofing?)by Anonymous Monk
|on Jun 26, 2002 at 01:26 UTC||Need Help??|
And why you would be passing a date, time, or name near a shell.
This is a contrived example but: system( "touch file " $date ); where $date contained "01/01/2002|some nasty command" might cause trouble? Are there NO situations where a date provided from external sources might be used? Granted, almost any type of validation would catch this, but what about the "01/01/2002\0|some nasty command" thing? Would passing this to one the build-in date functions that uses the underlying C libs leave the postfixed command in-place?
That's still thinking from the wrong end.
What is the right end?
As for your DROP TABLE example, if you are using placeholders correctly, that value wouldn't matter.
Placeholders? - In truth I know what they are, but many an SQL novice does not.
So, I'm still not convinced that there needs to be a standard "untainting" library.
Respectfully, I disagree. Look here for the list of big name companies, with big budgets that having employed 'experts' to code, test and review their big projects, that have, and still are managing to make (often expensive) mistakes.
The idea is to use the collective expertise of PM to construct and refine a publicly available, publicly reviewable (that's one of the open source movement's lorded aims isn't it?) safe mechanism for handling external data for use by us mere mortals.
When the data is handled properly, we don't need to "match" "safe" data.
There are two problems with that statement (IMO).
1) What constitutes "handled properly"? How does one become conversant with the appropriate techniques? Do you have to have nn years, written x-hundreds (thousands??) of lines of code and have been bitten mm-times, before you are sure that you know how to handle the data correctly. Is it not possible to provide a short cut to this?
2) Somewhat repetitious but - EBay, Yahoo, MS, US Army, the Whitehouse have all fallen foul of thinking they were safe. I know not if any of them were using Perl, but the point remains the same. Even experts make mistakes. An open source library could address this I think.
BrowserUK (mistakenly posted anonymously)
Added attribution - dvergin 2002-06-28