Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Does the script use Perls taint mode?

April 26, 2017mode Perl Script taint

0

Posted

Does the script use Perls taint mode?

1 Answer

0

Posted

Accepting external data from a Web browser is a dangerous business. You can never be sure what you’ll get. If you add -T to a program’s shebang line, then Perl goes into taint mode. In this mode Perl distrusts any data that it gets from external sources. You need to explicitly check this data before using it. Using -T is a sign that the author is at least thinking about CGI security issues. • Does the script use CGI.pm? Since Perl 5.004, CGI.pm has been a part of the standard Perl distribution. This module contains a number of functions for handling various parts of the CGI protocol. The most important one is probably param, which deals with the parsing of the query string to extract the CGI parameters. Many CGI scripts write their own CGI parameter parsing routine that is missing features or has bugs. The one in CGI.pm has been well-tested over many years in thousands of scripts – why attempt to reinvent it? • How often is the script updated? One reason for a script not to use CGI.pm

Does Calcium work in Perls "taint" mode?
Does the script use Perls taint mode?
What is Taint Mode?