In a message dated: Thu, 07 Mar 2002 11:11:59 EST Benjamin Scott said:
>From the Perl CGI(3) manual page: >> This creates a series of variables in the 'R' namespace. For example, >> $R::foo, @R:foo. For keyword lists, a variable @R::keywords will appear. >> If no namespace is given, this method will assume 'Q'. WARNING: don't >> import anything into 'main'; this is a major security risk!!!! > > They do, at least, warn you about it. :-) I'm confused as to how this would work. The man page is talking about the invocation of a specific method, i.e. the 'import_names()' method. It sounded like things "just happened", when in fact, you must invoke this method intentionally. Which, if you do, is fine, provided you also take the time to "de-taint" everything before you do something potentially dangerous with that data. -- Seeya, Paul ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************
