Is Perl's taint mode useful?

再見小時候 2021-01-01 11:43
perl -T

Do you use it? Does it help you find security holes in your Perl scripts?

6 Answers
  •  再見小時候
    2021-01-01 12:02

    More than that :) It stops your security issues before they become one. It is not a security silver bullet of course... We used to use it (a few years back when I was involved in Perl projects) in any script that was exposed externally (i.e. any mod_perl app) and we found it very useful and made it our policy. It does a few checks and it is handy... (anything makes things automated)

    Perl Security - perlsec recommends it strongly too:

    This flag [Taint mode] is strongly suggested for server programs and any program run on behalf of someone else, such as a CGI script. Once taint mode is on, it's on for the remainder of your script.
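
An added example (not part of the answer above or of perlsec) of what the `-T` checks do in practice: externally supplied data is refused as a command argument until it has passed a regex capture. The sample inputs are constructed, and the helpers `run_echo` and `untaint_filename` are hypothetical names; it assumes a Unix system with `/bin/echo`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run as: perl -T $0\n" unless ${^TAINT};
$| = 1;    # keep our output in order with the child's

# Under -T perl refuses to run commands while PATH is inherited,
# so pin it and drop the variables perlsec says to clear.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Zero-length tainted string (perl's own taint tests build one the same way).
# Appending it marks the constructed samples below as external input.
my $TAINT   = substr($^X, 0, 0);
my @samples = map { $_ . $TAINT } ('report.txt', 'report.txt;extra', '../etc/passwd');

# Hypothetical helper: a command call that perl vets before running it.
sub run_echo {
    my ($arg) = @_;
    my $ok = eval { system('/bin/echo', 'processing', $arg); 1 };
    return $ok ? "ran\n" : "blocked: $@";
}

# Hypothetical allowlist: a regex capture is the only way to untaint,
# so the pattern is the security decision. Anchor it and keep it narrow.
sub untaint_filename {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

for my $raw (@samples) {
    printf "input %-20s tainted=%d\n", "'$raw'", tainted($raw) ? 1 : 0;
    # Tainted argument: perl raises "Insecure dependency" before echo starts.
    print "  direct use -> ", run_echo($raw);
    my $clean = untaint_filename($raw);
    if (defined $clean) {
        print "  validated  -> ", run_echo($clean);
    } else {
        print "  validated  -> rejected by allowlist\n";
    }
}
```

Run it as `perl -T script.pl`; with `-T` only on the `#!` line, `perl script.pl` stops with an error that the switch must also be given on the command line. A loose pattern such as `/(.*)/` would untaint everything, so taint mode is only as strong as the captures used to clear it.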
