>OK, many people are getting sick of taint talk. Ok, I brought this up, so I make some final remarks. It is easy forget some details if you talk about security. So an ad-hoc solution is often insecure. I will make some investigation about security concerns on the mac the next weeks and come back when I have results. I will try to port the taint-module from Dan Sugalski to the Mac. With this module you can taint data yourself and check if data is tainted, so you can make experiments to understand the whole issue better. ( I already succesfully used xsubpp, set up include path, and compiled it succesfully. Now I try to find out what libraries I need, and how I make it a module. If anybody can help me with that I would be happy. just email me directly) I think the current state should be changed because * you can't use a debugger with taint-check on * Many people will get confused when a module suddendly not get loaded successful, and will diasable taintcheck again. * I think the risk of a bad cgi is much higher than the risk of a manipulated @INC Path, so a 99% Solution that works for all people may be better 100% solution that is to complex to use. regards Karsten Meier --------------------------------------------------------------------- Karsten Meier EMail krstnmr@ibm.net WWW: http://www.meier-online.com with following highlights: * German MacPerl Primer * XTensions for use with QuarkXPress Unsolicited and/or commercial email is not permitted at this address. ***** Want to unsubscribe from this list? ***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch