water has asked for the wisdom of the Perl Monks concerning the following question:

Hi.

I know you should always use taint when taking data in from a web app, because somewhere down the road that data or data derived from that data might go into a database or a shell script or backticks or something dangerous. Right.

Question (more theory than practice): if you are 100% certain some data from a cgi arg is never going anywhere dangerous, does untainting really do anything? Say you take a value from a script, 'action', and the code does one of three actions based on the value, and has a fallthru 'unknown action attempt' mode. (And the actions are explicit and hardcoded, not &{$action}(@args) insanity, so hacking the form doesn't do anything but get you an unknown mode error.)

I'm sure the right answer is use taint nonetheless -- healthy paranoia -- but I am wondering.

water

Re: taint theory question
by tilly (Archbishop) on Jul 02, 2004 at 13:09 UTC
    In the case that you describe, I'd specifically recommend using taint mode and leaving that incoming data tainted as a reminder that it isn't supposed to be used for anything else.
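
The dispatch described in the question, with the value left tainted as the reply above suggests. This is an added example, not part of the original thread. The action names, the file name and the sample inputs are hypothetical, and the inputs are tainted artificially so the script runs without a web server.

```perl
#!/usr/bin/perl -T
# Run as: perl -T dispatch.pl   (dispatch.pl is a placeholder file name)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string. Appending it taints the constructed sample
# values below, standing in for a real CGI parameter.
my $TAINT = substr("$0$^X", 0, 0);

# Explicit, hardcoded actions (hypothetical names). The tainted value is
# only used as a lookup key, never as a sub name and never in a command.
my %dispatch = (
    list   => sub { "listing items" },
    show   => sub { "showing item" },
    remove => sub { "removing item" },
);

sub handle {
    my ($action) = @_;
    # A hash lookup is not a taint-checked operation, so no untainting
    # is needed to decide which hardcoded branch to run.
    my $code = $dispatch{$action};
    return $code ? $code->() : "unknown action attempt";
}

for my $raw ('list', 'show', 'no-such-action', '') {
    my $action = $raw . $TAINT;    # constructed sample input, now tainted
    printf "%-18s tainted=%d -> %s\n",
        "'$action'", (tainted($action) ? 1 : 0), handle($action);
}

# What leaving the value tainted buys you: if later code (yours, or the
# next maintainer's) passes it to a shell, perl refuses at run time.
$ENV{PATH} = '/bin:/usr/bin';              # clean PATH so only the argument is at issue
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
my $later = 'list' . $TAINT;
my $ok = eval { system("echo $later"); 1 };
print "blocked: $@" unless $ok;            # "Insecure dependency in system ..."
```

Had the value been untainted with a pattern match right after it was read, the final `system` call would have run without complaint.
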
Re: taint theory question
by kiat (Vicar) on Jul 02, 2004 at 11:50 UTC
    Hi water,

    I suppose it's always a good practice to enable taint checking. It provides another layer of security. Also, in reality, most CGI programs are large or will get large eventually and as a result, you can never be 100% certain whether your code is secure.

Re: taint theory question
by husker (Chaplain) on Jul 02, 2004 at 14:06 UTC
    "does untainting really do anything?"

    No, nothing constructive, if you are CERTAIN about your input.

    Aye, there's the rub. You may be certain about your input today. How about 6 months from now? How about after the next person mods the app?

    Better safe than sorry. Untaint it, even if you "know" it doesn't need it.