On Fri, 22 Sep 2000, Andrew O. Mellinger wrote: > I would like to use data dumper to store datafiles. The idea is > then to load the info in (through eval) and pass it on to > HTML::Template for display. However, taint really doesn't like eval, > and I'm trying to find a simple way to make sure the data is clean, > instead of going on faith. Any ideas? If it is really data, why do you need to eval it? Why not just read in a file or tie a DB? If the issue is whether the data is well-formed, you should be able to get around the eval limitations, and taint is probably too strict a check to use, anyway. On the other hand, if the issue is whether a user has deliberately entered bad data, then you shouldn't untaint it. You probably should separate your code (the eval part) from the user data (the potentially malicious stuff), by reading and writing a data-only file. There is no way AFAIK to programmatically generate trust in code, only in data passed to code. "Tainted" code can only be walled off and limited. -- MattLangford # ===== Want to unsubscribe from this list? # ===== Send mail with body "unsubscribe" to macperl-request@macperl.org