From: "Dan Sugalski" <[EMAIL PROTECTED]>
To: "Nathan Wiger" <[EMAIL PROTECTED]>
Sent: Wednesday, September 27, 2000 4:08 PM
> 'no taint' and 'use taint' shouldn't affect whether data is tainted--the
> rules for that should stay in effect. What they should alter instead is
> perl's response to tainted data while they're in effect. In a 'use taint'
> block perl should check, while in a 'no taint' block it shouldn't.
Couldn't have said it better myself. And god knows I've tried. <G>
It might be nice if the result of a calculation was never tainted when the
calculation was in a 'no taint' block.
> That does make rather a lot of sense, though it's arguable whether it's a
> good idea if you don't know what you're doing. That's never been perl's
> problem, though... :)
I think that 'no taint' should solicit a warning. (default warning set)
It should warn sepperately if uid=0 or gid=0 when you 'no taint'. (default
warning set)
It should fail if you 'no taint' when uid=0 or gid=0 with 'use strict
"taint"'. (in default strict set?)
Hm, this behavor would be equivlent to making "unsafe" errors normal:
'no strict "taint"' == 'no taint'
'use strict "taint"' == 'use taint'
'use warnings "taint"' == 'use taint warnings'
(You'd have to put the warnings/errors about 'no taint' in the 'notaint'
set.)
-=- James Mastros
