comment on

when I first started reading about taint mode, I expected that it would identify every single instance of tainted variable and force me to look at it explicitly.

It does! What it cannot do -- which you seem to be expecting -- is decide whether you looked closely enough.

Think of it like front desk security issuing outsiders with a visitor's pass. If then you chose to leave them alone in the vault for a while, that is down to you.

When data comes in to your program from a (potentially) unsafe source it gets marked.
If you attempt to use that data before you've taken some action to validate it; Perl will yell at you.
But if Perl never allowed you to remove the mark; you would never be able to use that data.
And there is no way for Perl to determine whether what you have done has rendered that data "safe". Only you can make that decision.

So perl give you the tools; if you choose to use them incorrectly, that is down to you.

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

RIP Neil Armstrong

In reply to Re: Taint mode limitations by BrowserUk
in thread Taint mode limitations by alain_desilets

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.