发表新帖
发表新帖

Is Perl's taint mode useful?

前端 未结
关注
6 1395
再見小時候
再見小時候 2021-01-01 11:43 
perl -T

Do you use it? Does it help you finding security holes in your Perl scripts?

6条回答
  • -上瘾入骨i
    -上瘾入骨i (楼主)
    2021-01-01 12:24

    Oh, gods, no. Taint mode should have been yanked from Perl 15-20 years ago. It prevents nothing as you cannot possibly validate the response of certain commands. It gets people to believe they're secure, but all they do is /(.*)/. It breaks nearly everything on Windows (even being able to get an accurate temporary directory). DO NOT USE TAINT

    0 讨论(0)
 看不清?
提交回复
热议问题