PerlMonks
Re: Trojan Horse? (taint mode)
by mattr (Curate) on Nov 26, 2001 at 12:56 UTC ( [id://127508] )
I can't figure out why you would ever want to execute/eval
untainted CGI input as-is. And I don't know if I'd trust Perl's
CGI tainting to keep my evals safe from those curly brackets.. paranoia is
good there.
As far as standard input, you are worried about a user maliciously erasing all their own files? Or are you allowing users to run suid? Context?

Update 2002.1.26: sorry I missed your/blakem's quotation.