Michael Kraus wrote:
> now I'm wondering what others on this list would recommend regarding
> CGI::Untaint(?). :)

Didn't know it existed until you mentioned it.

My philosophy, when running a program in taint mode, is that validating
form data and untainting are two separate things: I validate much of the
data to prevent my app from storing bad data and/or generating bad output,
while I only untaint those variables that are used for system interaction.

The (very) quick look I had at the CGI::Untaint POD left me with the
impression that it's designed for untainting all CGI data. If that's the
case, I have to ask what the point is. Isn't it even more secure to
leave user-provided data that is not used in system operations tainted?

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
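As an added illustration of the validate-versus-untaint split described above (not code from the thread): validation returns a yes/no answer and leaves the value tainted, while only the file name that reaches a write-mode open() is untainted through a regex capture. The form values are constructed and made tainted artificially via %ENV so the script runs offline.

```perl
#!/usr/bin/perl -T
# Run with:  perl -T untaint_demo.pl   (-T must also be on the command line)
use strict; use warnings;
use Scalar::Util qw(tainted);
use File::Temp   qw(tempdir);

# Every %ENV value is tainted under -T; an empty substring of one is an
# empty tainted string, used to taint the constructed sample input below.
my $TAINT = substr(join('', values %ENV), 0, 0);

# Constructed stand-in for CGI->param(): a free-text field and a file name.
my %form = (
    comment  => 'Looks good to me, ship it.' . $TAINT,
    filename => 'report-2024.txt'            . $TAINT,
);

# Validation is a yes/no decision about the data.  It rejects bad input
# but leaves the value tainted: print and storage are not taint-checked,
# so data that never reaches the system does not need untainting.
sub valid_comment {
    my ($c) = @_;
    return defined $c && length $c <= 500 && $c !~ /[^\x20-\x7e]/;
}

# Untainting is reserved for the one value that reaches the filesystem.
# A regex capture is what clears the taint flag; keep the pattern a tight
# allow-list so that clearing it actually means something.
sub untaint_filename {
    my ($f) = @_;
    my ($clean) = ($f // '') =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/
        or die "rejected file name\n";
    return $clean;
}

die "bad comment\n" unless valid_comment($form{comment});
printf "comment tainted after validation: %s\n",
    tainted($form{comment}) ? 'yes' : 'no';

my $dir  = tempdir(CLEANUP => 1);   # untainted: under -T tempdir ignores TMPDIR
my $name = untaint_filename($form{filename});
printf "file name tainted after untaint:   %s\n", tainted($name) ? 'yes' : 'no';

# Writing through the still-tainted name is refused by perl itself ...
eval { open my $fh, '>', "$dir/$form{filename}" or die $!; 1 }
    or print "tainted name refused: $@";
# ... while the untainted copy works, and tainted content may be written.
open my $fh, '>', "$dir/$name" or die "open: $!";
print {$fh} $form{comment}, "\n";
close $fh;
```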
