[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] Data::Dumper, eval and taint

To: MacPerl mailing list <macperl@macperl.org>
Subject: Re: [MacPerl] Data::Dumper, eval and taint
From: Bart Lateur <bart.lateur@skynet.be>
Date: Sat, 23 Sep 2000 08:41:55 +0200
In-Reply-To: <v04220804b5f122fba66f@[207.149.221.8]>
Organization: MediaMind
References: <v04220804b5f122fba66f@[207.149.221.8]>

On Fri, 22 Sep 2000 07:55:41 -0700, Andrew O. Mellinger wrote:

>   I would like to use data dumper to store datafiles.  The idea is 
>then to load the info in (through eval) and pass it on to 
>HTML::Template for display.  However, taint really doesn't like eval, 
>and I'm trying to find a simple way to make sure the data is clean, 
>instead of going on faith.  Any ideas?

If you're absolutely sure the data was generated by Data::Dumper, then
it *will be* clean. Do the simple untaint trick, 

	($clean) = /(.*)/s;

and you can go ahead.

The only risk you run is if hackers were to replace your data with their
perl code.

-- 
	Bart.

# ===== Want to unsubscribe from this list?
# ===== Send mail with body "unsubscribe" to macperl-request@macperl.org

References:
- [MacPerl] Data::Dumper, eval and taint
  - From: "Andrew O. Mellinger" <andrew@criticalpath.com>

Prev by Date: Re: [MacPerl] MacPerl and OS X (yet again :-)
Next by Date: Re: [MacPerl] MacPerl and OS X (yet again :-)
Prev by thread: Re: [MacPerl] Data::Dumper, eval and taint
Next by thread: [MacPerl] Re: [MacPerl-Modules] PLease help me
Navigation: Date Index | Thread Index | Search | Other lists at bumppo.net