[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] Data::Dumper, eval and taint



On Fri, 22 Sep 2000 07:55:41 -0700, Andrew O. Mellinger wrote:

>   I would like to use data dumper to store datafiles.  The idea is 
>then to load the info in (through eval) and pass it on to 
>HTML::Template for display.  However, taint really doesn't like eval, 
>and I'm trying to find a simple way to make sure the data is clean, 
>instead of going on faith.  Any ideas?

If you're absolutely sure the data was generated by Data::Dumper, then
it *will be* clean. Do the simple untaint trick, 

	($clean) = /(.*)/s;

and you can go ahead.

The only risk you run is if hackers were to replace your data with their
perl code.

-- 
	Bart.

# ===== Want to unsubscribe from this list?
# ===== Send mail with body "unsubscribe" to macperl-request@macperl.org