Taint check

Colin Bendell cbendell at point2.com
Thu May 29 15:24:21 UTC 2003


> -----Original Message-----
> From: Bradley Baetz [mailto:bbaetz at acm.org]
> Sent: Thursday, May 29, 2003 8:45 AM
> On Wed, May 28, 2003 at 03:50:08PM -0600, Colin Bendell wrote:
> > As far as I know there aren't any global options available for the isapi
> > plugin perlis.dll.  If I switch to using the perl executable, then
> > certainly I can specify a global taint check setting.
> 
> Hmm. You may not be able to turn it off individually, but can't you copy
> the dll, rename it, and have one with taint on, and one with taint off?

Unfortunately it's not as simple as that.  Using the isapi dlls you
can't set taint check on or off unless you modify the code, which is
not available since ActiveState has kept this closed source.  Oh well.
Guess I'll have to just live with the performance penalty of executing
perl for each page visit.

For posterity's sake, the change that has to be made in IIS (5) is to
associate .cgi scripts with:
c:\perl\bin\perl.exe -T "%s" "%s"

thanks
/colin
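
Added example, not part of the original message or of the project's code: a CGI script that fails closed when the IIS script mapping did not start perl with -T, then untaints one request parameter before using it in a file name. The parameter name "report", the helper untaint_report_name and the log directory are assumptions made for illustration; CGI.pm is assumed to be installed.

```perl
use strict;
use warnings;
use CGI ();
use Scalar::Util qw(tainted);

# ${^TAINT} is true only when perl was started with -T. Refuse to serve the
# request if the script mapping no longer passes the switch.
unless (${^TAINT}) {
    print "Status: 500 Internal Server Error\r\n",
          "Content-Type: text/plain\r\n\r\n",
          "taint mode is not enabled\n";
    exit 1;
}

# Return an untainted copy of $value if it matches the allow-list pattern,
# otherwise undef. Only a regex capture clears the taint flag.
sub untaint_report_name {
    my ($value) = @_;
    return undef unless defined $value;
    return $value =~ /\A([A-Za-z0-9_-]{1,32})\z/ ? $1 : undef;
}

my $q    = CGI->new;
my $raw  = $q->param('report');        # tainted: it came from the request
my $name = untaint_report_name($raw);

print "Content-Type: text/plain\r\n\r\n";
unless (defined $name) {
    print "rejected: invalid report name\n";
    exit 0;
}

printf "raw tainted: %s, validated tainted: %s\n",
    (tainted($raw)  ? 'yes' : 'no'),
    (tainted($name) ? 'yes' : 'no');

# Under -T, passing $raw here would die with "Insecure dependency in open";
# the validated $name is accepted. The directory is a constructed placeholder.
my $log_dir = 'C:/inetpub/example-logs';
open(my $log, '>>', "$log_dir/$name.log")
    or die "cannot open log: $!";
print {$log} scalar(localtime), " report requested\n";
close $log;
```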
