From: Paul C. <ti...@ti...> - 2002-05-16 05:03:01
Bruce Winter wrote:
> Looks like the documentation (
> http://search.cpan.org/doc/DSUGAL/Taint-0.06/Taint.pm ) is a little light.
> Anyone have an example of how we could use it in the internet_im.pl code?

I could completely misunderstand but my impression of perl's taint stuff is to mark strings as either trustable or not trustable, and then to complain when you use a not trustable string in a system, open, exec, etc. The only way for a new string to be trusted is for everything used in creating it to be trusted, or for the code to explicitly say "I now trust this string".

If my understanding is correct, then this is intended to prevent a programmer from accidentally trusting a string that he shouldn't. Since we already know that the string is untrustworthy and needs to be sanitized, I don't see how this feature can help us.

--
Paul Chamberlain, ti...@ti...
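The taint behaviour discussed in this message, as an added example that is not part of the original post and not code from internet_im.pl. It uses Perl's built-in `-T` switch rather than the Taint module, and `handle_im` and the sample messages are hypothetical names and constructed input.

```perl
#!/usr/bin/perl -T
# Added illustration of taint mode. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;    # keep our output in order with the child process's output

# Taint mode refuses to run external commands until the environment is trusted.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Zero-length tainted string; appending it marks a constructed sample as if
# it had arrived from the network ($0 and $^X are tainted under -T).
my $TAINT = substr("$0$^X", 0, 0);

# handle_im() is a hypothetical handler, named here for illustration only.
sub handle_im {
    my ($msg) = @_;
    printf "message %-32s tainted=%d\n", "'$msg'", tainted($msg) ? 1 : 0;

    # Taint propagates: a string built from tainted data is itself tainted,
    # and perl dies before system() ever runs it.
    my $cmd = "echo $msg";
    eval { system($cmd); 1 } or print "  refused: $@";

    # The explicit "I now trust this string" step: a regex capture yields an
    # untainted value, so the allow-list pattern is still written by hand.
    if ($msg =~ /^([A-Za-z0-9_]+)$/) {
        my $item = $1;
        printf "  captured '%s' tainted=%d\n", $item, tainted($item) ? 1 : 0;
        system('echo', "  running: set $item");
    } else {
        print "  rejected by pattern, nothing executed\n";
    }
}

# Constructed sample messages.
handle_im('kitchen_light' . $TAINT);
handle_im('kitchen_light; echo injected' . $TAINT);
```

Both messages are refused when passed to `system` as-is with "Insecure dependency in system"; only the value that went through the capture is allowed to run.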