Hi, I tend to look after the CGI servlet. I am about to go on annual leave but will try and look at it when I get back (mid-June ish).
Mark > -----Original Message----- > From: Larry Levin [mailto:[EMAIL PROTECTED] > Sent: Thursday, May 27, 2004 4:59 PM > To: [EMAIL PROTECTED] > Subject: can CGI Servlet handle Perl taint checking? > > Hi; > > I am trying to get Bugzilla to work with Tomcat and have run into a > problem. The latest stable release of Bugzilla (2.16) has implemented > "taint checking" in all of the CGI perl scripts as a security > feature. > When I attempt to access Bugzilla via Tomcat, I get a message > in the log > file from the CGI servlet that its too late to turn on the > "-T" option. > > The problem as I understand it, is that the perl executable must be > started up with taint checking enabled if the scripts are going to > invoke it. Is there any way I can set an option in Tomcat to have the > CGI servlet properly handle this aspect of perl? Does it > matter whether > I run Tomcat 4.1 or 5.0 ? > > Thanks > > Larry Levin > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
