Oops, my response ignores the specific line perl actually complained
about. ;>

One of the three variables used in the filename itself is tainted.
I don't know which one because I don't know the rest of your code.
Same rules as the ones I listed apply.


> >     if ( open( FD, "<$Globals::DATA/$site/$Globals::REFTALLY" )) {
> 
> >    #**************Error occurs here (on open)***************
> >     if ( open( FD, ">$Globals::DATA/$site/$Globals::REFTALLY" )) {
> 
> > Insecure dependency in  open while running with -T switch at
> 
> perl is being run with the -T switch. This means you are running in
> "taint mode". Taint mode means data that you get from outside
> your program is untrusted and untrusted data is marked -- "tainted".
> You can not send tainted data, directly or indirectly, back outside
> your program. Any data whose value might be affected by tainted
> data is itself tainted.
> 
> Solutions:
> 
> 1. Turn taint checking off. (And your code becomes insecure to the
> extent that outside data should not be trusted and your use of that
> data is open to abuse.)
> 
> 2. Turn tainting off for the FD filehandle. (And your code becomes
> insecure to the extent that data from that file should not be trusted
> and your use of that data is open to abuse.) See FileHandle.pm.
> 
> 3. Process the data to verify it is ok, then untaint it bit by bit as
> appropriate. (And your code is insecure to the extent that you
> screw up.)
> 
> See
> 
>     perldoc perlsec
> 
> hth
> 
> 
> -- 
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


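Solution 3 from the quoted reply, applied to the kind of `open` for writing that failed, as an added example that is not code from either poster. `$DATA`, `$REFTALLY`, the site-name pattern and the sample inputs are assumptions standing in for the parts of the program the thread does not show.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_demo.pl  (-T must also be given on the command line)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumed stand-ins for $Globals::DATA and $Globals::REFTALLY. Literals in the
# program text are never tainted.
my $DATA     = '/tmp/taint-demo';
my $REFTALLY = 'reftally.txt';

# Return an untainted copy of a site name, or nothing if validation fails.
# A regex capture is what clears taint; the allow-list and the \A...\z anchors
# reject "/", "..", and a trailing newline.
sub untaint_site {
    my ($raw) = @_;
    return unless defined $raw;
    return $1 if $raw =~ /\A([A-Za-z0-9][A-Za-z0-9_-]{0,63})\z/;
    return;
}

# Constructed input: appending a zero-length slice of tainted data ($0 and $^X
# are tainted under -T) taints each string, as CGI or %ENV data would be.
my $taint  = substr("$0$^X", 0, 0);
my @inputs = map { $_ . $taint } ('example_site', '../../etc', "site\n");

for my $raw (@inputs) {
    (my $shown = $raw) =~ s/\n/\\n/g;
    my $site = untaint_site($raw);
    if (!defined $site) {
        print "rejected '$shown'\n";
        next;
    }
    printf "accepted '%s': raw tainted=%d, validated tainted=%d\n",
        $shown, tainted($raw) ? 1 : 0, tainted($site) ? 1 : 0;
    # The tainted copy still trips the check from the post; eval traps the die.
    eval { open(my $bad, '>', "$DATA/$raw/$REFTALLY"); 1 }
        or print "  tainted name: $@";

    # The validated copy may be used in a path opened for writing.
    for my $dir ($DATA, "$DATA/$site") {
        next if -d $dir;
        mkdir($dir, 0700) or die "mkdir $dir: $!";
    }
    open(my $fh, '>', "$DATA/$site/$REFTALLY") or die "open: $!";
    print {$fh} "0\n";
    close($fh) or die "close: $!";
    print "  untainted name: wrote $DATA/$site/$REFTALLY\n";
}
```

The pattern is an allow-list for one path component; a capture such as `/(.*)/` would clear the taint flag without checking anything.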