Taint check
Bradley Baetz
bbaetz at acm.org
Wed May 28 09:31:57 UTC 2003
On Tue, May 27, 2003 at 03:16:24PM -0600, Colin Bendell wrote:
> What is the reasoning for using the Taint check on many of the perl
> scripts in bugzilla?
Security. DBI is configured to taint check all its arguments, so we
ensure that data has been validated. We fixed a ton of security holes
when I added this.
> I've had to remove them to get Perl working under
> win32 (worked as is in the linux configuration).
What broke?
Bradley
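
The mechanism described in this reply, as an added example that is not part of the original message and is not Bugzilla's code: with Perl running under `-T` and the DBI handle opened with `Taint => 1`, a bind value that has not been validated is refused before it reaches the driver. It assumes DBD::SQLite is installed; the table, the sample row and the `detaint_id` helper are hypothetical.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

# Assumption: DBD::SQLite is available. Table and row are constructed samples.
# Taint => 1 only has an effect when Perl itself runs in taint mode (-T).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, Taint => 1 });
$dbh->do('CREATE TABLE bugs (bug_id INTEGER PRIMARY KEY, summary TEXT)');
$dbh->do(q{INSERT INTO bugs VALUES (42, 'constructed sample row')});

# Constructed stand-in for a CGI parameter: appending a zero-length slice of
# environment data marks the string tainted, as real request input would be.
my $raw = '42' . substr(join('', values %ENV), 0, 0);
die "sample input is not tainted; run with perl -T\n" unless tainted($raw);

# Hypothetical helper: validate the value, then untaint it through a regex
# capture, which is how Perl lets checked data leave the tainted state.
sub detaint_id {
    my ($value) = @_;
    return $value =~ /\A([0-9]{1,9})\z/ ? $1 : undef;
}

my $sql = 'SELECT summary FROM bugs WHERE bug_id = ?';

# 1. Unvalidated input: DBI rejects the method call because an argument
#    is tainted, so the query never runs.
my $ok = eval { $dbh->selectrow_array($sql, undef, $raw); 1 };
print 'tainted bind value: ', ($ok ? "accepted\n" : "rejected: $@");

# 2. Validated input: the captured digits are untainted and the call succeeds.
my $id = detaint_id($raw);
defined $id or die "invalid bug id\n";
my ($summary) = $dbh->selectrow_array($sql, undef, $id);
print "validated id $id: $summary\n";

$dbh->disconnect;
```

Run it as `perl -T script.pl`; Perl refuses to start a script whose `#!` line carries `-T` when the switch is missing from the command line.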