Maybe I'm completely arrogant here, but it seems that taint mode is in fact counterproductive, because it lulls you into thinking that it spots all the places where you forgot to explicitly address (as in "at least think about") malicious inputs. But it doesn't, again because of its poor assumptions (a) and (b).

Within their respective problem domains, the same could be said for strict, warnings, Perl::Critic, Safe, prove, and so on. The tool is not the problem unless it's inaccurately or inadequately documented. The problem is the misunderstanding, which is hard to eliminate, because people tend not to read the documentation past the point of "getting it to work."

I think the challenge with respect to user input is one of education. With a constant deluge of new programmers in the field, the near total lack of discussion of security issues in many university CS programs, the low barrier to entry into scripting languages, and the high stakes involved that make malicious attacks profitable for the hacker, we've been fighting it for decades and will probably continue to do so. It's hard enough to get people to use the tools that are available. It's even harder to get them to take the time to understand them. There are plenty of posts on the net where the mantra is reiterated; don't cargo-cult code without understanding it. This is especially true in any type of programming where security if an issue.

Tools can never guarantee security. They can simply encourage good behavior and good practices. You're correct though; the tools can lull one into a false sense of security. But making them more effective without taking options away from the programmer is quite difficult. There's a fine line between encouraging good behavior, and hampering creativity. I remember an old saying that I'll paraphrase: "If you make it so easy even a fool could use it, only fools will use it."

This is a healthy discussion, and I'm glad you brought it up. I'm glad that you make the observation that taint mode isn't completely effective. The more attention the subject gets, hopefully the more people will become aware that the programmer has to assume some responsibility for educating herself on safe practices.


Dave

In reply to Re^3: Taint mode limitations by davido
in thread Taint mode limitations by alain_desilets

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.