[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] Taint Talk

To: Karsten Meier <krstnmr@ibm.net>
Subject: Re: [MacPerl] Taint Talk
From: pudge@pobox.com (Chris Nandor)
Date: Wed, 31 Dec 1997 08:36:13 -0500
Cc: "MacPerl List" <mac-perl@iis.ee.ethz.ch>

At 07.18 12/31/97, Karsten Meier wrote:
>I will try to port the taint-module from Dan Sugalski to the Mac.
>With this module you can taint data yourself and check if data is tainted,
>so you can make experiments to understand the whole issue better.

FYI, Tom Phoenix *is* porting his Taint module to MacPerl.  You might want
to consult both of them; are you on the p5p list?  They are currently
talking with each other about which direction to go now that both modules
are about ready.


>I think the current state should be changed because
>* you can't use a debugger with taint-check on
>* Many people will get confused when a module suddendly not
>  get loaded successful, and will diasable taintcheck again.
>* I think the risk of a bad cgi is much higher than the risk of
>  a manipulated @INC Path, so a 99% Solution that works for all people
>  may be better 100% solution that is to complex to use.

This will all be fixed by my most recent plan, FWIW.

--
Chris Nandor               pudge@pobox.com           http://pudge.net/
%PGPKey=('B76E72AD',[1024,'0824 090B CE73 CA10  1FF7 7F13 8180 B6B6'])
#==                    MacPerl: Power and Ease                     ==#
#==    Publishing Date: Early 1998. http://www.ptf.com/macperl/    ==#



***** Want to unsubscribe from this list?
***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch

Prev by Date: Re: [MacPerl] CGI help
Next by Date: [MacPerl] perl Tk status?
Prev by thread: Re: [MacPerl] Taint Talk
Next by thread: [MacPerl] Strange messages
Navigation: Date Index | Thread Index | Search | Other lists at bumppo.net