Joel Uckelman on Fri, 29 Dec 2006 10:09:01 -0700 (MST)
Re: [s-d] dice server enhancements, part 2
Thus spake "Chuck Adams":
> On 12/28/06, Joel Uckelman <uckelman@xxxxxxxxx> wrote:
> > I don't see any way to do what I want with taint in Perl. All input is
> > tainted until I say it's not---but the problem is that I'm not sure
> > how to identify good input so I can untaint it.
>
> The simple answer: you don't untaint it at all. You're only doing
> mathematical operations, which are perfectly taint-safe. Anything
> that invokes a taint-unsafe operation like system() will die. You
> might possibly need to untaint just before you output, but that should
> be perfectly safe at that point.

You, sir, are a genius. I'd completely forgotten how taint worked since the last time I used it.

Actually, taint isn't quite the right thing. Your suggestion prompted me to look at the Safe module, which is *exactly* what I was looking for. I wish I would have known of this a week ago, before I spent the intervening time writing a C-fragment interpreter. *sigh*

--
J.

_______________________________________________
spoon-discuss mailing list
spoon-discuss@xxxxxxxxx
http://lists.ellipsis.cx/mailman/listinfo/spoon-discuss
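
An added example (not code from this thread or from the dice server) of the Safe approach mentioned in the message above: untrusted roll expressions are compiled inside a restricted compartment, so arithmetic evaluates while system() and file access are refused. The function name `eval_roll` and the sample expressions are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Safe;

# Evaluate one untrusted expression inside a restricted compartment.
# Returns (value, undef) on success, or (undef, error text) when rejected.
# eval_roll is a hypothetical helper name, not part of any dice server.
sub eval_roll {
    my ($expr) = @_;

    my $cpt = Safe->new;          # fresh namespace with the default opcode mask
    $cpt->permit(':base_math');   # rand, sqrt, ... are not in the default set
    $cpt->deny(':base_loop');     # a dice expression needs no loops

    # reval compiles and runs the string under the compartment's mask.
    # A forbidden opcode makes compilation fail and leaves the reason in $@.
    my $value = $cpt->reval($expr);
    return (undef, $@) if $@;
    return ($value, undef);
}

# Constructed sample input: two roll expressions, then three that should fail.
my @inputs = (
    '2 * (int(rand(6)) + 1) + 3',
    '(int(rand(20)) + 1) ** 2 % 7',
    'system("true")',
    'open(FH, "<", "/etc/hostname")',
    'for (1..3) { 1 }',
);

for my $expr (@inputs) {
    my ($value, $err) = eval_roll($expr);
    if (defined $err) {
        $err =~ s/\s+\z//;        # drop the trailing newline from $@
        print "REJECTED  $expr\n          $err\n";
    }
    else {
        $value = 'undef' unless defined $value;
        print "OK        $expr = $value\n";
    }
}

# Safe only restricts which opcodes may be compiled. It does not bound CPU
# time or memory, so callers still need an input length cap and a timeout.
```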