Taint mode is like insurance. You may never need it, but it costs so little to keep it in, even after you believe you've tested all the possible input paths. Not only that, but future versions of Perl may decide that new things are leaks, and so your program will (rightfully!) bomb when Perl is upgraded. This has happened already, when all globbing in 5.004 was made "taint-unsafe" because it was discovered that it had always been unsafe to glob because of some bugs in the c-shell.
-- Randal L. Schwartz, Perl hacker
What's also likely to occur is that someone may be working
on your script after you (e.g. adding functionality) and has to
remember to turn on the -T switch again, which (s)he may not
always remember to do, thus rendering your "insurance"
null & void :)
-- ar0n || Just Another Perl Joe
While this may be true in most environments, your response
has pricked the nagging sys admin in me to say, "NO production
script should EVER be modified. Maintaining the
development->(Readiness if you can afford it)->Production cycle
is key to stable rapid deployment."
coreolyn Duct tape devotee.