in reply to Untainting 'bad' filenames

Taint checking is more designed for things like unsecure user input. If your directory is secure (not world reabable- useable by local trusted users, etc.), then taint checking doesn't offer much. You should check the files yourself with your own regex to ensure that they meet the limits of a certain length and file naming convention. if not, do not process it. If this is a directory where some generated files are created by user "filebot" then you probably don't even need to worry about that. I don't see taint checking particularly useful here, since I imagine that you are using an perl directive after a series of readdirs, right? not executing some shell commands which should be avoided anyway, right?
AgentM Systems nor Nasca Enterprises nor Bone::Easy nor Macperl is responsible for the comments made by AgentM. Remember, you can build any logical system with NOR.

Replies are listed 'Best First'.
Re: Re: Untainting 'bad' filenames
by doran (Deacon) on Dec 08, 2000 at 11:54 UTC
    Yea, the only thing that should be writing files to the directory I'm checking is a custom built (not by me) ftp server. If I start encountering files that don't untaint easily, I've got real problems and will have to deal with it accordingly.

    Thanks to everybody for the input.

    db

[reply]

In Section Seekers of Perl Wisdom