
Taint Checks



Due to changes in the taint mechanism in perl5.004, you can no longer call
-T on the #! line of your MacPerl scripts, but only via the menu selection
or via an AppleEvent parameter to the Do Script event.

This causes problems especially for CGIs, where there is really no reason
to not do taint checking; IMO, it cannot be stressed too much that taint
checking should always be done in CGIs (except in extraordinary
situations).  Now, you can do taint checking for your MacPerl CGIs, but
only if you do taint checking then for ALL scripts run under that MacPerl
app.

However, I spent the better part of Sunday building MacPerl with the help
of Matthias (I hope to document my struggles), and in between runs at the
MacPerl build I worked on the MPCGI code, too, and hacked taint checking
into it.  I will make it available soon, and would appreciate some
feedback.

Personally, I am going to remove the regular CGI Script extension and only
use the taint check version.  However, you can have both installed and use
whichever you like (though I recommend using the new taint-checking version
in almost every situation).  The only differences between the two are the
name, the package code (WWW  instead of WWWΩ), and the fact that it does
taint checks.

It is available at:

        http://pudge.net/macperl/PCGIT/

--
Chris Nandor               pudge@pobox.com           http://pudge.net/
%PGPKey=('B76E72AD',[1024,'0824 090B CE73 CA10  1FF7 7F13 8180 B6B6'])
#==                    MacPerl: Power and Ease                     ==#
#==    Publishing Date: Early 1998. http://www.ptf.com/macperl/    ==#