What is probably going on is that your Web server configuration uses the Perl ISAPI dll to run your Perl programs. Unless Activestate has changed their mind, you can't use taint checking with ISAPI. This is because the dll is a Perl compiler that remains memory resident. As a result, you don't need to load the Perl executable every time (just the program). However, taint checking must be activated when the Perl compiler loads and cannot be turned on afterwards. Trying to do so it what generates the "Too late for ..." error; it's too late to turn on taint checking.

The only way around this problem with Activestate is to go into IIS and point the program's association away from the dll and towards the Perl executable. This can be a significant performance hit, but you do get the security of taint checking. You'll have to figure out which is more important to you. Frankly, being forced to make this switch is one of the (many) reasons why I don't like working on IIS with Activestate. I realize that you're probably not in a position to switch, but I had to mention it.

Cheers,
Ovid

New address of my CGI Course.
Silence is Evil (feel free to copy and distribute widely - note copyright text)