[Mastering-perl] Taint checking (duh!)
Sagar R. Shah
sagarshah at SoftHome.net
Thu Jun 15 15:49:12 EDT 2006
brian,
I've reviewed your current draft of the "taint checking" chapter and would
like to give you some feedback:
* Overall I think it's very well written and pretty comprehensive.
<minor>
* mod_perl
  * "PerlTaintCheck On" = mod_perl 1.x syntax
  * including -T in PerlSwitches = mod_perl 2.x syntax
  * It's probably worth pointing out both
  * mod_perl is only for Apache so it may not be necessary to point
    out conditions for other webservers, I don't know of any that have an
    equivalent
* Although you've pointed out that the approved way to untaint is regular
  expressions, I think it's worth adding a small section to point out the
  existence of:
  * Regex::Common family of modules
  * CGI::Untaint family of modules
  * Class::CGI family of modules
  * This is because imho we should direct users not to re-invent the regex
    wheel unless they have a good reason (e.g. working in an environment
    without CPAN modules)
</minor>
I hope you find my feedback useful.
Best Regards
Sagar R. Shah
(PAUSEID: SRSHAH)
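
The hand-written regex untainting that the message refers to, as an added example (not part of the email or of the draft chapter it reviews). The function name `untaint_username`, the username pattern and the sample inputs are assumptions made up for illustration.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T untaint.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: return an untainted copy of $value when it matches
# the allowlist pattern, or nothing when it does not. In taint mode only
# text captured by a regex group ($1, $2, ...) comes back untainted.
sub untaint_username {
    my ($value) = @_;
    return unless defined $value;

    # \A and \z anchor the entire string. A trailing "$" would also accept
    # a final newline, which is a common mistake in hand-rolled patterns.
    # Explicit character classes are used instead of \w so the result does
    # not depend on locale settings.
    if ($value =~ /\A([A-Za-z][A-Za-z0-9_]{0,31})\z/) {
        return $1;
    }
    return;
}

# $^X is tainted under -T, so a zero-length slice of it is a tainted empty
# string. Appending it taints the constructed sample inputs below without
# changing their content.
my $TAINT = substr($^X, 0, 0);

for my $raw ("alice_01", "bob\n", "9lives", "name with spaces") {
    my $input = $raw . $TAINT;
    my $clean = untaint_username($input);

    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible
    my $result = defined $clean
        ? "accepted '$clean' (tainted=" . (tainted($clean) ? 1 : 0) . ")"
        : "rejected";
    printf "%-18s tainted=%d => %s\n",
        $shown, (tainted($input) ? 1 : 0), $result;
}
```

Only `alice_01` is accepted, and the accepted copy reports `tainted=0`; the other three inputs are rejected and stay tainted.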