How this works really depends upon your IIS configuration. If you are using ActiveState Perl, there is a good chance that you are using the ISAPI dll (perlIS.dll). This dll is a memory-resident version of Perl that does not support taint checking in any configuration. Changing the association to use this dll and passing the -T switch will still kill your script. Your alternative with this is to use straight CGI, but that kills performance. Read this link regarding alternatives to taint checking for some of my research into this subject.

Frankly, I'd love to hear from some monks with some experience running mod_perl on a Win32 box. That would solve the security and the performance issues.

Cheers,
Ovid

Vote for paco!

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.