
Re: No-taint support in Perl

From: Alexander Hartmaier
Date: October 24, 2012 14:36
Subject: Re: No-taint support in Perl
Message ID: CAB49QramyqdO0Nu2YZzEKiDhwUQvh+cXMATdTF_LtNjpjCTJjg@mail.gmail.com

Thanks for giving me feedback on my thoughts!

On Mon, Oct 22, 2012 at 9:25 PM, Steffen Schwigon <ss5@renormalist.net> wrote:

> Alexander Hartmaier <alex.hartmaier@gmail.com> writes:
> > Taint mode is a feature that distinguishes Perl from other dynamic
> > languages which might be a good thing.
>
> Indeed.
>
>
> > On the other hand who really uses it to increase security?
>
> You don't need it always, but once you need to write a program with
> security in mind it is an extremely helpful tool.
>

I don't know when I used one of the functions listed in the example of
perlsec in one of my apps.
But as I said I'm writing mostly network and web specific things.


>
>
> > [...]
> > But if it doesn't make sense any more because most data doesn't come
> > from disk but the network today it might be a better idea to
> > deprecate it (slowly as usual).
>
> -1
>
> I'm for the compile time option that is discussed here - but I am
> strongly against a deprecation of such a powerful feature.
>

It seems many people think that way:
http://stackoverflow.com/questions/2228457/is-perls-taint-mode-useful


> Kind regards,
> Steffen
> --
> Steffen Schwigon <ss5@renormalist.net>
> Perl benchmarks <http://perlformance.net>
> Dresden Perl Mongers <http://dresden-pm.org/>
>

The ideal solution would be to transform the feature from global to scoped.
For example in a module use taint; and in some performance critical
sub { no taint; }
Is this possible from a technical point of view?
Can you think of a way to keep the command line options and add the new
keyword/module?
