On Tue, 01 Aug 2000, Matthew Cline wrote:
>
> I would prefer something like:
>
> #! perl -T
> $ENV{PATH} = untaint( read_config_file() );
>
> In other words, either make the 'Taint' and 'Untaint' packages part of the
> standard distribution, or put them into the core language.
>
This is (currently) easy to do.
> Something else which might be useful for tainting would be something like:
>
> taint_var($foo);
> no_taint_var($bar);
>
> With this, any value assigned to $foo would become tainted, and any value
> assigned to $bar would become untainted.
>
Hmmmm, I'm not sure about this.
> Also:
>
> my $fh = new FileHandle("trusted_config_file");
> $fh->setTrusted(1);
>
> Then anything read from $fh wouldn't be tainted, rather than having to
> untaint every single thing read from $fh.
>
This would also be easy to do.
--
Bryan C. Warnock
([EMAIL PROTECTED])
