
Re: [MacPerl] Taint Checks



At 19.54 11/18/97, Paul J. Schinder wrote:
>haven't used tainting that much myself, but my understanding is that every
>piece of data that comes from outside the Perl script is "tainted".

That is ideally the case, but not always.  An extension can be implemented
which does not support the model; for instance, the MacPerl toolbox modules
(and even the MacPerl::Ask function) do not taint data that technically
should be tainted.

There is a Taint module (a couple of them, actually) with which you can
taint intentionally and untaint and check the taint of data.


>There are ways of untainting data, but deliberately it's not simple.

There is only one simple way to untaint data (aside from using a function
from a Taint module).  If you do a matching regex and capture the data into
new variables, the data in the new variables is no longer tainted:

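        # Use $1 only when the match succeeded; after a failed match it
        # still holds the capture from an earlier successful match.
        if ($tainted_data =~ /^(.+)$/s) {
            $untainted_data = $1;
        }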

Of course, this is not recommended unless you know precisely what the data is.

--
Chris Nandor               pudge@pobox.com           http://pudge.net/
%PGPKey=('B76E72AD',[1024,'0824 090B CE73 CA10  1FF7 7F13 8180 B6B6'])
#==                    MacPerl: Power and Ease                     ==#
#==    Publishing Date: Early 1998. http://www.ptf.com/macperl/    ==#
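
An added example, not part of the original message: it contrasts the blanket capture shown above with a capture that only succeeds for an expected format. The helper names, the file-name pattern and the sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example (not from the original message). Run as: perl -T untaint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Zero-length tainted string: $0 and $^X originate outside the script.
# Appending it taints a constructed sample without changing its text.
my $TAINT = substr("$0$^X", 0, 0);

# Blanket untaint, as in the message: accepts any non-empty string.
sub untaint_anything {
    my ($value) = @_;
    return $value =~ /^(.+)$/s ? $1 : undef;
}

# Allowlist untaint (hypothetical helper): a bare file name of 1 to 64
# characters, no path separators, no leading dot, no whitespace.
sub untaint_filename {
    my ($value) = @_;
    return $value =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Describe the outcome of an untaint attempt.
sub status {
    my ($value) = @_;
    return 'rejected' unless defined $value;
    return tainted($value) ? 'still tainted' : 'untainted';
}

# Constructed sample inputs, tainted to stand in for outside data.
my @samples = map { $_ . $TAINT } (
    'report-1997.txt',
    '../../etc/passwd',
    'notes.txt; echo injected',
    "two\nlines",
);

for my $input (@samples) {
    (my $shown = $input) =~ s/\n/\\n/g;    # keep the output on one line
    printf "%-26s tainted=%d  blanket=%-10s allowlist=%s\n",
        $shown, tainted($input) ? 1 : 0,
        status(untaint_anything($input)), status(untaint_filename($input));
}
```

The blanket pattern reports every sample as untainted, while the allowlist pattern untaints only the first and rejects the rest, so the regex is doing validation rather than just clearing the flag.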


