in reply to Taint and Shellshock

I take it the above is just a basic example (or else you would lose values of QUERY_STRING, REMOTE_USER, etc.)?

Re^2: Taint and Shellshock
by kennethk (Abbot) on Sep 27, 2014 at 02:37 UTC

    Right; presumably, you'd properly scope your localization if you had interest in other environmental variables, and propagate any values of interest. For my own development, I rarely shell out to do something other than invoke a command line utility for heavy numerics, with validation performed at the script level. If you trust externally set environmental variables to pass information to your CLI, I don't understand why you'd bother with taint in the first place.


    #11929 First ask yourself `How would I do this without a computer?' Then have the computer do it the same way.
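
An added example, not code from the thread: one way to scope the `%ENV` localization and propagate only validated values of interest, as the reply above describes. The helper name `run_with_clean_env`, the allowlist patterns and the `PATH` value are assumptions.

```perl
# Run as: perl -T scoped_env.pl
use strict;
use warnings;

# Assumed allowlist: variable name => pattern its whole value must match.
# Neither pattern admits '(', ')', '{', ';' or spaces, so a value shaped
# like a bash function definition cannot pass.
my %ALLOW = (
    REMOTE_USER  => qr/\A([A-Za-z0-9._\@-]{1,64})\z/,
    QUERY_STRING => qr/\A([A-Za-z0-9._~%&=+-]{0,2048})\z/,
);

# Hypothetical helper: run a command with a minimal, validated environment.
sub run_with_clean_env {
    my (@cmd) = @_;

    my %pass;
    for my $name (sort keys %ALLOW) {
        next unless defined $ENV{$name};
        # The capture both validates and untaints the value.
        if ($ENV{$name} =~ $ALLOW{$name}) {
            $pass{$name} = $1;
        }
        else {
            warn "dropping $name: value failed validation\n";
        }
    }

    # Scoped: the caller's %ENV is restored when this sub returns.
    local %ENV = (PATH => '/usr/bin:/bin', %pass);

    # Indirect-object form never hands the command line to /bin/sh.
    return system { $cmd[0] } @cmd;
}

# Constructed sample values standing in for what a web server would set.
$ENV{REMOTE_USER}  = 'alice';
$ENV{QUERY_STRING} = '() { :; }; echo injected';

# The child sees only PATH and REMOTE_USER; QUERY_STRING is dropped.
my $status = run_with_clean_env('/usr/bin/env');
print "exit status: ", $status >> 8, "\n";
```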