Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi there, I read somewhere that there are 3 different levels of tainting which can be set. Something like 'easy' and 'saint' were two of them. How do I set my taint to saint, and is this something that is done on the shebang line?

Re: Taint Saint
by Ovid (Cardinal) on May 16, 2003 at 23:58 UTC

    Prior to 5.8.0, you had only one level of tainting, enabled with the -T switch. That made unsafe operations using tainted data fatal while running in taint mode.

    As of 5.8.0, there is a new "taint warnings" mode enabled by the -t switch. From 5.8.0 perldelta:

    A new command-line option, -t is available. It is the little brother of -T: instead of dying on taint violations, lexical warnings are given. This is only meant as a temporary debugging aid while securing the code of old legacy applications. This is not a substitute for -T.

    Note the emphasis is in the original document and not just mine.

    I'm not certain exactly what you read, but you should read perlsec instead.

    Cheers,
    Ovid

    New address of my CGI Course.
    Silence is Evil (feel free to copy and distribute widely - note copyright text)

Re: Taint Saint
by Abigail-II (Bishop) on May 17, 2003 at 00:22 UTC
    There are three levels of tainting:
    1. No tainting at all. This is the default.
    2. Warning level tainting. This is enabled by using the -t switch. It's new in 5.8.0. When using tainted data in a possibly insecure way, a warning is issued. This is in no way "safe", and just a debugging tool.
    3. Normal taint, enabled by using the -T switch. Here using tainted data in a possibly insecure way triggers a fatal error.

    I've no idea what you mean by a saint level.

    Abigail
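
The three levels described in the replies above can be compared side by side with the following added example, which is not code from either poster. It runs the same small child script with no switch, with -t, and with -T, then once more under -T after untainting the value through a regex capture; the file name and the 'raw'/'untaint' mode words are constructed for the demonstration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IPC::Open3;

# Child script, passed to a fresh perl via -e so each run gets its own switch.
my $child = <<'PERL';
my ($mode, $name) = @ARGV;      # command-line arguments arrive tainted
if ($mode eq 'untaint') {
    # Validate, then take the value from a capture group: captures from a
    # successful match are untainted (no locale or 're taint' in effect).
    $name =~ /\A([\w.-]+)\z/ or die "rejected name\n";
    $name = $1;
}
unlink $name;                   # unlink is a taint-checked operation
print "reached end of script\n";
PERL

# Constructed name: the file does not exist, so unlink removes nothing.
my $name = "taint-demo-constructed-$$.tmp";

for my $run (['', 'raw'], ['-t', 'raw'], ['-T', 'raw'], ['-T', 'untaint']) {
    my ($switch, $mode) = @$run;
    my @cmd = ($^X, ($switch ? $switch : ()), '-e', $child, $mode, $name);

    # A false third argument makes open3 merge the child's STDERR into $out,
    # so taint warnings and fatal errors are captured with normal output.
    my $pid = open3(my $in, my $out, undef, @cmd);
    close $in;
    my @lines = <$out>;
    waitpid $pid, 0;

    printf "switch=%-4s mode=%-8s exit=%d\n", $switch || 'none', $mode, $? >> 8;
    print "    $_" for @lines;
}
```

Only the -T run with the raw argument stops before the final print; the -t run reports the insecure dependency and carries on, which is why both replies treat -t as a debugging aid rather than a protection.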