Satanya has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to comply with my company's CGI script security measures... however, I am running into some difficulty.

The particular cgi script I am speaking about works perfectly without -T.

I get this error when using -T in my script:

Too late for "-T" option at devdefect_feedback.cgi line 1.

Please let me know what you think the issue is.

Thanks for your time in advance.

Tanya

Replies are listed 'Best First'.
Re: Using -T on an Apache server
by BazB (Priest) on Jan 11, 2002 at 23:18 UTC

    A quick search gives Too late for "-T"? and Confused about Taint.

    I suggest you read up on exactly what tainting is, and how to effectively (see 2nd update) untaint data - man perlsec is your friend.

    Cheers.

    Baz.

    Update: You might want to look at Ovid's CGI tutorial, which has info on taint mode amongst other things. Ovid++

    Further update: I guess I should be a little more helpful...data is normally untainted by checking that it matches the sort of input you are expecting to be passed into your script for security/sanity.
    The effective part of my comment is on this point - make sure that you allow _only_ what you expect - there is a way of untainting all data, but if you do that, you're opening yourself up to a World of Pain.
    For example: if you're expecting a single digit number, check for the presence of a single digit in the input - if it's something other than that throw an error and do not process the data any further.

      Thanks for the info... I will search right away..

      Tanya
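
The allow-list check described in the reply above (accept exactly one digit, reject everything else), as an added example that is not part of the original thread. The function name `untaint_single_digit` and the sample inputs are constructed for illustration; start it as `perl -T untaint_demo.pl` so that `-T` is on the command line as well as on the `#!` line.

```perl
#!/usr/bin/perl -T
# Added example: allow-list untainting of one form field under taint mode.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Return the value untainted if it is exactly one digit, otherwise undef.
# Only the regex capture ($1) is untainted; the original string stays tainted.
sub untaint_single_digit {
    my ($raw) = @_;
    return unless defined $raw;
    # \A and \z anchor the whole string; "$" would also accept "7\n".
    return $raw =~ /\A([0-9])\z/ ? $1 : undef;
}

# Refuse to continue if the interpreter was somehow started without -T.
die "taint mode is off; rerun with perl -T\n" unless ${^TAINT};

# Constructed sample inputs. Appending a zero-length piece of $^X (which is
# tainted under -T) marks each one tainted, as a real form parameter would be.
my $taint_marker = substr($^X, 0, 0);
my @samples = map { $_ . $taint_marker } ('7', '42', 'seven', "7\n", '');

for my $raw (@samples) {
    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible in output
    my $clean = untaint_single_digit($raw);
    if (defined $clean) {
        printf "accept '%s' (input tainted: %s, result tainted: %s)\n",
            $shown,
            tainted($raw)   ? 'yes' : 'no',
            tainted($clean) ? 'yes' : 'no';
    }
    else {
        # Reject and do not process this value any further.
        printf "reject '%s'\n", $shown;
    }
}
```

A catch-all pattern such as `/(.*)/` would also clear the taint flag, which is the "untaint all data" shortcut the reply warns against: the flag only records that a regex capture was taken, not that the pattern was strict.
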

Re: Using -T on an Apache server
by drinkd (Pilgrim) on Jan 11, 2002 at 23:16 UTC
    SuperSearch shows this being asked many times. This Node has the following answer (Thanks to KM):

    I assume you mean the 'Too late for "-T" option at script.pl line 1.' error. This happens because you have run perl without -T, then when it examines the #! line and sees -T, it realizes you want tainting, but it is too late. You need to make sure -T is passed when using 'perl script.pl'. I know of no way around this, as opposed to aliasing 'perl' with 'perl -T' or some similar lunacy.

    drinkd

      Thanks for the info... I will take a look at this node also...

      Tanya

Re: Using -T on an Apache server
by perrin (Chancellor) on Jan 11, 2002 at 23:56 UTC
    Are you running under mod_perl? If so, check the documentation for notes on how to use taint mode with Apache::Registry.