Taint check

Colin Bendell cbendell at point2.com
Wed May 28 14:55:20 UTC 2003


> -----Original Message-----
> From: J. Paul Reed [mailto:preed at sigkill.com]
> Sent: Wednesday, May 28, 2003 1:19 AM
> 
> On 27 May 2003 at 15:16:24, Colin Bendell moved bits on my disk to say:
> > I've had to remove them to get Perl working under win32 (worked as is in
> > the linux configuration).
> 
> That's probably not the proper solution to the problem; doing so reduces
> the security of your BZ installation.
> 
> Are you using IIS?

Yes, and this seems to be the problem.  I'm using ActiveState's
perlis.dll to execute the perl cgi which doesn't support the taint check
(because it is loaded early).

Isn't the taint check just as much a problem when using mod_perl?  

For now I'm content to remove the -T switch and let cvs do the diffs for
me :)

Thanks for the pointer.

/colin
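
A runtime guard for the situation discussed in this message, where the -T switch has been removed from a CGI script. This is an added example, not code from Bugzilla or from this thread. `${^TAINT}` and `Scalar::Util::tainted` are standard Perl; `clean_bug_id` and the `id=` query format are hypothetical.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# ${^TAINT} (Perl 5.8+): 1 under -T, -1 under -t (warnings only), 0 when off.
sub taint_mode_enforced { return ${^TAINT} == 1 }

# Hypothetical validator: the whole query string must be "id=<digits>".
# Capturing through a regex is the standard way to untaint a value, so the
# pattern has to be as strict as the consumer of the value requires.
sub clean_bug_id {
    my ($raw) = @_;
    return unless defined $raw && $raw =~ /\Aid=(\d{1,9})\z/;
    return $1;
}

unless (taint_mode_enforced()) {
    # Fail closed: without taint checks nothing stops request data from
    # reaching system(), open() or backticks unvalidated.
    print "Status: 500 Internal Server Error\r\n",
          "Content-Type: text/plain\r\n\r\n",
          "Taint checking is not active; refusing to process input.\n";
    exit 1;
}

# Environment variables are tainted under -T. Try for instance:
#   QUERY_STRING='id=1234' perl -T guard.pl   (guard.pl is a placeholder name)
my $raw = defined $ENV{QUERY_STRING} ? $ENV{QUERY_STRING} : '';
my $id  = clean_bug_id($raw);

print "Content-Type: text/plain\r\n\r\n";
printf "raw input tainted: %s\n", tainted($raw) ? 'yes' : 'no';
if (defined $id) {
    printf "bug id %s tainted: %s\n", $id, tainted($id) ? 'yes' : 'no';
} else {
    print "input rejected\n";
}
```

Run without -T, the script takes the refusal branch, which makes a silently dropped taint check visible instead of leaving it unnoticed.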



