Taint check

Bradley Baetz bbaetz at acm.org
Thu May 29 14:45:12 UTC 2003


On Wed, May 28, 2003 at 03:50:08PM -0600, Colin Bendell wrote:
> As far as I know there aren't any global options available for the isapi
> plugin perlis.dll .  If I switch to using the perl executable, then
> certainly I can specify a global taint check setting. 

Hmm. You may not be able to turn it off individually, but can't you copy
the dll, rename it, and have one with taint on, and one with taint off?

> 
> I've read that some admin components don't work with the global taint
> setting turned on.  Is this correct? If so, which pages are these?
> 


Most of edit*.cgi. They're not user facing, and you need to login first
for
them, so they're less important. They should still be converted at some
stage though

Bradley



More information about the developers mailing list