in reply to Test::Taint 0.01 is out

You want to taint your data any time you are using untrusted user-supplied data in a way which could be abused. That's what it's for.

Just because you're done testing doesn't mean you can have a program accept input from a user over a network or on a widely shared system which makes an interpolated shell call with that data or opens a user-specified file which could contain a pipe to an arbitrary program.



Christopher E. Stith

Re: Re: Test::Taint 0.01 is out
by petdance (Parson) on Feb 06, 2004 at 00:56 UTC
    But all that data is already tainted. I'm not seeing anything in your list of examples that isn't already tainted by the time your program gets it. That's why I don't see taint() as being useful except in test cases where you have to make fake tainted data.

    xoxo,
    Andy

      Ah, taint() as a function! Sorry, I must've misread. I thought the topic was the taint pragma.

      Yes, I'd have to agree it'd be kinda silly to taint data manually outside of testing.



      Christopher E. Stith
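
The test-only use of taint() discussed in this thread, as an added example that is not part of any post above: a test fakes tainted input and checks that a validator returns untainted data. `clean_filename` and the sample strings are hypothetical; the Test::Taint functions used (`taint_checking_ok`, `taint`, `tainted_ok`, `untainted_ok`) are assumed to behave as in the module's CPAN documentation.

```perl
#!/usr/bin/perl -T
# Run as: perl -T this_test.t   (taint mode must be on for the checks to mean anything)
use strict;
use warnings;
use Test::More tests => 6;
use Test::Taint;

# Hypothetical validator under test: returns an untainted plain filename,
# or undef when the input is not acceptable.
sub clean_filename {
    my ($name) = @_;
    return undef unless defined $name;

    # A regex capture is how Perl untaints data. The pattern allows only a
    # short basename: no path separators, no whitespace, no '|' that would
    # turn a two-argument open() into a pipe to a program.
    if ( $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ) {
        return $1;
    }
    return undef;
}

# Fails if the test was started without -T.
taint_checking_ok('taint checking is enabled');

# Constructed sample inputs. Literals in the test file are not tainted,
# so taint() is used to make them look like data that arrived from a user.
my $good = 'report.txt';
my $bad  = 'some-command |';
taint( $good, $bad );
tainted_ok( $good, 'fake good input is tainted' );
tainted_ok( $bad,  'fake bad input is tainted' );

# Accepted input must come back unchanged in value and untainted.
my $clean = clean_filename($good);
is( $clean, 'report.txt', 'valid filename is accepted' );
untainted_ok( $clean, 'validator output is untainted' );

# Input ending in a pipe must be rejected outright.
my $rejected = clean_filename($bad);
is( $rejected, undef, 'pipe-style input is rejected' );
```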