Hi Ed --
> Now I'm starting to get ready for deployment and have turned
> on Taint
> mode with the -T option of the instance scripts and need to untaint
> the the environment variables. Is there a best practice for this?
I generally don't use taint because I've found it to be a huge pain in
the ass, with dubious security value. (It warns on many things which
don't matter, and encourages the programmer to write bad regular
expressions to hush up the warnings. If I wanted a language which
forces me to jump through useless hoops, I'd use Java!)
That said, to untaint PERL5LIB I stick the following at the top of all
my instance scripts:
#!/usr/bin/perl -wT
BEGIN {
$perl5lib = $ENV{PERL5LIB};
$perl5lib =~ /^(.*)$/;
$perl5lib = $1;
}
use lib $perl5lib;
TTYL,
-Jesse-
--
Jesse Erlbaum
The Erlbaum Group
suppressed
Phone: 212-684-6161
Fax: 212-684-6226
---------------------------------------------------------------------
Web Archive: http://www.mail-archive.com/suppressed/
http://marc.theaimsgroup.com/?l=cgiapp&r=1&w=2
To unsubscribe, e-mail: suppressed
For additional commands, e-mail: suppressed
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.