in reply to How to disable taint checking by Perl?

It seems the creators of the Mojolicious package have found some way to entirely disable taint checks. Deep within their documentation they say:

Is Perl's taint mode supported by Mojolicious?

No. There is no benefit at all to using taint mode. Modern Perl applications are much too complex to benefit from such a naive mechanism in any meaningful way. At best it would give you a false sense of security.

See more here: https://docs.mojolicious.org/Mojolicious/Guides/FAQ

Blessings,

~Polyglot~

Re^2: How to disable taint checking by Perl?
by Anonymous Monk on Oct 25, 2023 at 08:24 UTC
    It seems the creators of the Mojolicious package have found some way to entirely disable taint checks
    They say they don't support it, where is it disabled?
      The language they employ to disavow any association with 'taint' seems to indicate they disabled it, because their package is supported by the latest two releases of Perl, which, if I am not mistaken, typically enforce taint without it being explicitly called.

      Blessings,

      ~Polyglot~

        This is misinformed. Taint mode only gets enabled when running a script under differing real and effective user or group ids. Otherwise taint mode needs to be explicitly enabled in the script using the -T command line/hashbang. See perlsec.

        Enforcing taint would mean a lot more programming effort in each script since even system() or open() won't work easily without explicit untainting.
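
The behaviour described in the last reply, as an added example that is not part of the thread: it reports whether taint mode is active, shows a write-mode open() refusing a tainted value, then untaints through a regex capture before calling open() and system(). The script name `taint_demo.pl`, the `taint-demo-` file prefix and the allow-list pattern are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Run it twice to compare:
#   perl taint_demo.pl notes.txt       (taint off)
#   perl -T taint_demo.pl notes.txt    (taint on)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# ${^TAINT} is 0 when taint mode is off, 1 under -T (or a setuid/setgid run),
# and -1 under -t (taint warnings only).
print "taint mode: ", ${^TAINT}, "\n";
unless (${^TAINT}) {
    print "taint checks are not active; nothing enabled them implicitly\n";
    exit 0;
}

# Command-line arguments are tainted; the fallback literal is not.
my $name = @ARGV ? $ARGV[0] : 'notes.txt';
print "argument tainted: ", (tainted($name) ? "yes" : "no"), "\n";

# Opening a file for writing with a tainted name dies before touching disk.
my $ok = eval { open(my $fh, '>', "taint-demo-$name") or die "open: $!\n"; close $fh; 1 };
print "open with raw value: ", ($ok ? "allowed\n" : "refused: $@");

# Untaint by capturing from a strict allow-list pattern; only the capture is
# clean. The first character may not be a dot, which excludes "." and "..".
my ($clean) = $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/
    or die "rejected file name\n";

my $file = "taint-demo-$clean";
open(my $fh, '>', $file) or die "open: $!\n";
print {$fh} "constructed sample content\n";
close $fh or die "close: $!\n";

# system() also refuses to run while $ENV{PATH} is tainted, even for an
# absolute program path, so set a fixed PATH and drop shell-related variables.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
system('/bin/ls', '-l', '--', $file) == 0 or warn "ls failed: $?\n";
unlink $file or warn "unlink: $!\n";
```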