At 12:52 PM 9/27/00 -0700, Nathan Wiger wrote:
>Dan Sugalski wrote:
> >
> > >Because taint mode needs to be turned on REEELY early, like before
> > >pragmas are compiled.
> >
> > 'no taint' does make sense, though 'use taint' might not except to locally
> > undo 'no taint'.
>
>Actually, from my talks with Larry both on and off-list about this, he
>convinced me pretty strongly that the only thing that really makes sense
>is untainting data sources. And this should be done via $fh->untaint,
>which already exists.

'no taint' and 'use taint' shouldn't affect whether data is tainted--the 
rules for that should stay in effect. What they should alter instead is 
perl's response to tainted data while they're in effect. In a 'use taint' 
block perl should check, while in a 'no taint' block it shouldn't.

That does make rather a lot of sense, though it's arguable whether it's a 
good idea if you don't know what you're doing. That's never been perl's 
problem, though... :)

                                        Dan

--------------------------------------"it's like this"-------------------
Dan Sugalski                          even samurai
[EMAIL PROTECTED]                         have teddy bears and even
                                      teddy bears get drunk
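
Added example (not part of the original message, and not code from the perl sources): a Perl 5 taint-mode script that shows the two things the thread separates, the taint mark carried by data and perl's response at a sink, plus the `$fh->untaint` source-level call mentioned in the quoted text. The proposed lexical `use taint` / `no taint` blocks are not shown because Perl 5 has no such pragma; the `report` helper, the use of `true` as a harmless command and the file name are assumptions of this example.

```perl
#!/usr/bin/perl -T
# Added illustration. Run as: perl -T taint_demo.pl   (file name is an assumption)
use strict;
use warnings;
use IO::Handle;                 # provides $fh->untaint
use Scalar::Util qw(tainted);   # reports whether a value carries the taint mark

# Taint mode will not run commands with an inherited environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Show the two separate facts for one value:
#   1. is the data marked tainted?
#   2. how does perl respond when it reaches a sink (here: system)?
sub report {
    my ($label, $value) = @_;
    my $mark = tainted($value) ? 'tainted' : 'clean';
    # Under -T, system() dies before running if any argument is tainted.
    my $ok = eval { system('true', $value); 1 };
    (my $err = $@) =~ s/\s+\z//;
    printf "%-20s data is %-8s sink %s\n", $label, $mark,
        $ok ? 'allowed' : "refused ($err)";
}

# Opening a file read-only is permitted even with a tainted name.
open my $fh, '<', $0 or die "cannot read $0: $!";

my $before  = <$fh>;               # file input is tainted by default
my $derived = "prefix-$before";    # the mark propagates through expressions
report('read before untaint', $before);
report('derived value',       $derived);

# Source-level untainting: declare this handle a trusted source.
# Data already read keeps its mark; only later reads come back clean.
$fh->untaint;
my $after = <$fh>;
report('read after untaint',  $after);
report('earlier value again', $before);

close $fh;
```

Perl 5's `-t` switch is the closest existing analogue to changing only the response: the same data stays tainted, but violations are reported as warnings instead of fatal errors.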
