Joel Uckelman on Fri, 29 Dec 2006 10:09:01 -0700 (MST)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [s-d] dice server enhancements, part 2

Thus spake "Chuck Adams":
> On 12/28/06, Joel Uckelman <uckelman@xxxxxxxxx> wrote:
> > I don't see any way to do what I want with taint in Perl. All input is
> > tainted until I say it's not---but the problem is that I'm not sure
> > how to identify good input so I can untaint it.
> The simple answer: you don't untaint it at all.  You're only doing
> mathematical operations, which are perfectly taint-safe.  Anything
> that invokes a taint-unsafe operation like system() will die.  You
> might possibly need to untaint just before you output, but that should
> be perfectly safe at that point.

You, sir, are a genius. I'd completely forgotten how taint worked since
the last time I used it.

Actually, taint isn't quite the right thing. Your suggestion prompted
me to look at the Safe module, which is *exactly* what I was looking
for. I wish I would have know of this a week ago, before I spent
the intervening time writing a C-fragment interpreter. *sigh*

spoon-discuss mailing list