Taint check
Bradley Baetz
bbaetz at acm.org
Wed May 28 21:06:58 UTC 2003
On Wed, May 28, 2003 at 08:55:20AM -0600, Colin Bendell wrote:
>
> Yes, and this seems to be the problem. I'm using ActiveState's
> perlis.dll to execute the perl cgi which doesn't support the taint check
> (because it is loaded early).
Really? Not even with an option? Does the IIS persistence stuff work?
Dont we have the same issue swith global variables that we do with
mod_perl?
>
> Isn't the taint check just as much a problem when using mod_perl?
We have to enable it in the mod_perl config, yes. And that will then
apply for all mod_perl instances on teh same host, so if you're running
another perl app which doesn't support taint mode then I guess you will
have issues.
>
> For now I'm content to remove the -T switch and let cvs do the diffs for
> me :)
>
Taint mode isn't to stop problems we know about, its to stop ones we
don't know about.
Bradley
More information about the developers
mailing list