[Rt-devel] FastCGI, SetGIDness and Taint mode

Jesse Vincent jesse at bestpractical.com
Wed Jun 16 12:31:45 EDT 2004




On Wed, Jun 16, 2004 at 12:29:08PM -0400, Vivek Khera wrote:
> 
> On Jun 16, 2004, at 12:08 PM, Jesse Vincent wrote:
> 
> 
> Well, personally, I think that one should *always* run with taint mode 
> on any program exposed to public humiliation^W  user input.  
> Particularly web sites and things that handle incoming email.

If perl's taint mode allowed us to specify which data sources were
tainted, it would be another matter entirely. And if CPAN module authors
routinely dealt with code run under taint mode, it would be worth
considering. But as it is, -T is somewhat of a red-headed step-child.  



> But if you can't track down the error, that makes life quite 
> difficult... :-(



> _______________________________________________
> Rt-devel mailing list
> Rt-devel at lists.bestpractical.com
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel


-- 


More information about the Rt-devel mailing list