Re^2: Match number >= 0 and <1

If you are going to untaint in this method ("anything is good"), why bother with taint checks at all. Taint checks are there for a reason: Users can be evil.

Ivan Heffner
Sr. Software Engineer, DAS Lead
WhitePages.com, Inc.

Comment on Re^2: Match number >= 0 and <1

Replies are listed 'Best First'.
Re^3: Match number >= 0 and <1 by gam3 (Curate) on Jul 29, 2005 at 17:55 UTC
Could you please show me a value for `$string` that causes `$num` to be other than a number (or some other side effect) for this code: `$num = $string + 0;`. -- gam3 A picture is worth a thousand words, but takes 200K.	[reply]
Re^3: Match number >= 0 and <1 by Anonymous Monk on Aug 01, 2005 at 14:01 UTC
If you are going to untaint in this method ("anything is good"), why bother with taint checks at all. Because in Perl, taintness is all or nothing. If you turn it on for a Perl program, anything coming from the outside is marked tainted - even data coming from untrusted sources, or data that you are going to use in a way that will be safe regardless what it contains. But if you to turn on taint checking because there's one untrusted source, of which you'll be using some data in a potentially insecure way, you have all your data mark tainted. Ah, if only Perl had a way to mark data from specific sources to be tainted. `sysopen my $handle, "untrusted_file", O_RDONLY \| O_TAINTED or die;` [download]	[reply] [d/l]