Hello MacPerl List,

I have just experimented with taint checks. I was very surprised to find that my @INC is not valid any more. Fortunately I remembered that there is a draft chapter about CGI in the new MacPerl Book. It explains that the user paths of @INC are insecure. If you think about it, you know it is true. It shows the following solution:

    BEGIN { unshift @INC, "$ENV{MACPERL}lib:MacPPC:","$ENV{MACPERL}lib:" }

But the problem is that CGI.pm is not working now: it autoloads a lot of its code with eval, and since it finds itself via @INC, and @INC is tainted via $ENV{MACPERL}, taint checking fails. (I'm not sure about the reason, but I'm sure that it fails.) Try, for example:

    BEGIN { unshift @INC, "$ENV{MACPERL}lib:MacPPC:","$ENV{MACPERL}lib:" }
    use CGI ':standard';
    print header;

MacPerl 5.15r4 tells me:

    # Insecure dependency in eval while running with -T switch.
    File 'work:MacPerl Ä:lib:CGI.pm'; Line 575

I needed to write

    BEGIN { unshift @INC, "work:MacPerl Ä:lib:MacPPC:","work:MacPerl Ä:lib:" }

to get my script working. This is not a very good solution, because the script is very unportable now, but I see no other. I still wonder why "use CGI" was secure, but the eval in autoload not. Does anybody have experience with this?

Regards,
Karsten Meier

---------------------------------------------------------------------
Karsten Meier  EMail krstnmr@ibm.net
WWW: http://www.meier-online.com with following highlights:
 * German MacPerl Primer
 * XTensions for use with QuarkXPress
Unsolicited and/or commercial email is not permitted at this address.
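The hard-coded path works under -T because a string literal is never tainted; the same effect can be had portably by capturing $ENV{MACPERL} through a regular expression that accepts only the expected path shape. The following is an added example, not part of the original post: the sub name macperl_lib_dirs, the allow-list pattern and the fallback value 'work:MacPerl:' are assumptions, and it relies on Scalar::Util, which the MacPerl release discussed above may not ship.

```perl
# Added example. Run with taint checks enabled:  perl -T example.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Build the MacPerl library directories from an untainted copy of $root.
# Dies unless $root looks like an absolute classic Mac OS folder path.
sub macperl_lib_dirs {
    my ($root) = @_;
    defined $root or die "MACPERL is not set\n";

    # Assumed allow-list: one or more non-empty components, each followed by
    # ":". This rejects "::" (parent directory), a leading ":" (relative
    # path), control characters, and values that do not end in ":".
    # A regex capture is the documented way to clear the taint flag; it only
    # checks the shape, so the pattern has to be as strict as the site allows.
    my ($clean) = $root =~ /\A((?:[^:\x00-\x1f]+:)+)\z/
        or die "Refusing MACPERL value: unexpected path shape\n";

    return ("${clean}lib:MacPPC:", "${clean}lib:");
}

our @ADDED;
BEGIN {
    # Constructed fallback so the example also runs outside MacPerl.
    my $root = defined $ENV{MACPERL} ? $ENV{MACPERL} : 'work:MacPerl:';
    @ADDED = macperl_lib_dirs($root);
    unshift @INC, @ADDED;
}

# Under -T the environment value is tainted, the derived @INC entries are not.
printf "%-28s tainted=%d\n", $_, tainted($_) ? 1 : 0 for @ADDED;

# Constructed bad values: each one is refused instead of reaching @INC.
for my $bad ('work::MacPerl:', ':relative:', 'work:MacPerl') {
    eval { macperl_lib_dirs($bad); 1 } or print "rejected '$bad': $@";
}
```

The sub is declared before the BEGIN block so that it is already compiled when BEGIN runs and the directories are in @INC before any later `use` statement is processed.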