> -----Original Message-----
> From: Perrin Harkins [mailto:[EMAIL PROTECTED]
> Sent: 28 March 2007 17:18
> To: Shah, Sagar: IT (LDN)
> Cc: modperl@perl.apache.org
> Subject: Re: "Insecure dependency in eval while running setgid" error
>
> On 3/28/07, [EMAIL PROTECTED]
> <[EMAIL PROTECTED]> wrote:
> > > Keep taint mode on in dev, so you can identify your issues in
> > > development, then turn it off in prod.
> >
> > Is that actually the generally recommended approach?
>
> It's hard to know for sure that you've tried every code path in dev,
> even if you do use coverage analysis.
>
> I think the reality though is that hardly anyone uses taint mode.
> It's a lot of work.

Well, it requires you to think about your inputs and write/re-use suitable regexes, but apart from that I think the benefits outweigh the costs. I've been using taint mode in this particular system for three years and this is the first time I've run into a crazy issue like this.

> > I know there are some people that argue that warnings should also be
> > turned off in prod
>
> Those people are nuts. Warnings give very valuable feedback about
> unforeseen errors in prod, and the only risk is a larger log file.
>
> - Perrin