Re: No-taint support in Perl

From: Alexander Hartmaier
Date: October 22, 2012 09:08
Subject: Re: No-taint support in Perl
Message ID: CAB49QrYpXGKwzN_LUCasPRKA6Gsxhf33v6SF+pHkqermzyjGCA@mail.gmail.com

Taint mode is a feature that distinguishes Perl from other dynamic
languages, which might be a good thing.
On the other hand, who really uses it to increase security?
It seems some time ago it was best practice so quite a lot of people added
it to their test suite.
But just because it seemed to be a good idea or solution doesn't mean it
has to stay that way.
It's a global flag, as David already mentioned, which could cause action at a
distance.
If you still think that taint mode is a feature that should stay supported
in the way it is now, that the performance penalty and maintenance burden
is worth it, a compile time option is a welcome addition.
But if it doesn't make sense any more because most data doesn't come from
disk but the network today, it might be a better idea to deprecate it
(slowly as usual).

Perlsec still reads like -T is something everybody should do 'for server
programs'. I wonder how many people do...

-Alex
