[Petal] Petal::TAINT problems under Apache::Registry
Jean-Michel Hiver
jhiver at mkdoc.com
Tue Oct 7 11:37:16 BST 2003
On a side note, I'm wondering about this TAINT business altogether. I
have made a little experiment:
In _code_memory_cached, I have removed all TAINT related logic. I then
ran all the tests in the test suite running perl -Tw. And all tests
pass!
So one question is: what is it in your scripts that make Petal think its
input is unsafe? Where does it come from?
Another question in my mind is: How come your scripts run fine with
Petal 1.06 since I didn't change any of the taintmode logic that you
submitted?
Also, why do we need to use the Safe module for taintmode? Again, on my
system the test suite passes with Taintmode and with none of that TAINT
/ Safe logic enabled.
Cheers,
--
Building a better web - http://www.mkdoc.com/
---------------------------------------------
Jean-Michel Hiver
jhiver at mkdoc.com - +44 (0)114 255 8097
Homepage: http://www.webmatrix.net/
More information about the Petal
mailing list