Tamas TEVESZ <[EMAIL PROTECTED]> wrote: > > DOCUMENT_ROOT is set by the server, so it's just unneccessary > overhead. you can of course do that, but if you don't trust your > webserver, why are you running it at the first place ? :>
If you don't have taint mode on when coding perl scripts that must run in hostile environments (eg. CGIs), you're an idiot, and you're going to have problems sooner or later. If you *do* have taint mode on, then you need to untaint everything you want to use, including environment variables that you would normally trust anyway. -- Sam Couter | Internet Engineer | http://www.topic.com.au/ [EMAIL PROTECTED] | tSA Consulting | OpenPGP key ID: DE89C75C, available on key servers OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
pgp1fAYVW29mH.pgp
Description: PGP signature
