From: "Dan Sugalski" <[EMAIL PROTECTED]>
To: "Nathan Wiger" <[EMAIL PROTECTED]>
Sent: Wednesday, September 27, 2000 4:08 PM
> 'no taint' and 'use taint' shouldn't affect whether data is tainted--the
> rules for that should stay in effect. What they should alter instead is
> perl's response to tainted data while they're in effect. In a 'use taint'
> block perl should check, while in a 'no taint' block it shouldn't.
Couldn't have said it better myself.  And god knows I've tried.  <G>

It might be nice if the result of a calculation was never tainted when the
calculation was in a 'no taint' block.

> That does make rather a lot of sense, though it's arguable whether it's a
> good idea if you don't know what you're doing. That's never been perl's
> problem, though... :)
I think that 'no taint' should solicit a warning.  (default warning set)
It should warn separately if uid=0 or gid=0 when you 'no taint'.  (default
warning set)
It should fail if you 'no taint' when uid=0 or gid=0 with 'use strict
"taint"'.  (in default strict set?)

Hm, this behavior would be equivalent to making "unsafe" errors normal:
'no strict "taint"' == 'no taint'
'use strict "taint"' == 'use taint'
'use warnings "taint"' == 'use taint warnings'

(You'd have to put the warnings/errors about 'no taint' in the 'notaint'
set.)

    -=- James Mastros
