[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] Taint Talk



At 07.18 12/31/97, Karsten Meier wrote:
>I will try to port the taint-module from Dan Sugalski to the Mac.
>With this module you can taint data yourself and check if data is tainted,
>so you can make experiments to understand the whole issue better.

FYI, Tom Phoenix *is* porting his Taint module to MacPerl.  You might want
to consult both of them; are you on the p5p list?  They are currently
talking with each other about which direction to go now that both modules
are about ready.


>I think the current state should be changed because
>* you can't use a debugger with taint-check on
>* Many people will get confused when a module suddendly not
>  get loaded successful, and will diasable taintcheck again.
>* I think the risk of a bad cgi is much higher than the risk of
>  a manipulated @INC Path, so a 99% Solution that works for all people
>  may be better 100% solution that is to complex to use.

This will all be fixed by my most recent plan, FWIW.

--
Chris Nandor               pudge@pobox.com           http://pudge.net/
%PGPKey=('B76E72AD',[1024,'0824 090B CE73 CA10  1FF7 7F13 8180 B6B6'])
#==                    MacPerl: Power and Ease                     ==#
#==    Publishing Date: Early 1998. http://www.ptf.com/macperl/    ==#



***** Want to unsubscribe from this list?
***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch