Re: Re: Trojan Horse? (taint mode)
by quinkan (Monk) on Nov 26, 2001 at 05:33 UTC ( [id://127457]=note )
The only way this is going to come and cause us grief is if we eval $a ? But pause to consider that someone playing with your CGI script has managed to get output redirected to an executable shell script.... Which is often the aim of a malicious hack. If you don't want naughty words appearing in, for example, your system initialisation scripts, it might be a good idea to untaint everything input.
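An added example, not part of the post above or of the thread: Perl's taint mode does not check arguments to `print`, so tainted input can still reach whatever file the output ends up in, and each field is therefore matched against an allowlist before it is used. The field names, patterns, script name and sample values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_demo.pl   (file name is hypothetical)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical per-field allowlists. \A and \z anchor the whole value,
# so a trailing newline or an extra line cannot slip through as it can with $.
my %RULES = (
    username => qr/\A([A-Za-z0-9_]{1,32})\z/,
    comment  => qr/\A([A-Za-z0-9 .,!?'-]{0,200})\z/,
);

# Returns the validated, untainted value, or undef if the input is rejected.
sub untaint_field {
    my ($field, $raw) = @_;
    my $rule = $RULES{$field};
    return undef unless defined $rule && defined $raw;
    return undef unless $raw =~ $rule;
    return $1;    # regex captures are how Perl untaints data (see perlsec)
}

# Constructed sample input. Appending an empty slice of $^X (tainted under -T)
# makes each value tainted, as real CGI parameters would be.
my $taint = substr($^X, 0, 0);
my @samples = (
    [ username => 'alice' . $taint ],
    [ username => "bob\n#!/bin/sh" . $taint ],
    [ comment  => 'Nice post, thanks!' . $taint ],
    [ comment  => 'x; echo $HOME > /tmp/out' . $taint ],
);

for my $s (@samples) {
    my ($field, $raw) = @$s;
    my $clean = untaint_field($field, $raw);
    if (defined $clean) {
        printf "%-8s accepted (tainted before: %s, after: %s): %s\n",
            $field, tainted($raw) ? 'yes' : 'no',
            tainted($clean) ? 'yes' : 'no', $clean;
    }
    else {
        # Rejected input is never echoed into the output.
        printf "%-8s rejected (tainted before: %s)\n",
            $field, tainted($raw) ? 'yes' : 'no';
    }
}
```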