Is Perl's taint mode useful?

perl taint
Juanjo Conti picture Juanjo Conti · Feb 9, 2010 · Viewed 7.4k times · Source 
perl -T

Do you use it? Does it help you finding security holes in your Perl scripts?

Answer

ziya picture ziya · Feb 9, 2010

More than that :) it stops your security issues before they become one. It is not a security silver bullet of course... we used to use it (a few years back when I was involved in Perl projects) in any script that was exposed externally (i.e. any mod_perl app) and we found it very useful and made it our policy. It does a few checks and it is handy.. (anything makes things automated)

Perl Security - perlsec recommends it strongly too:

This flag [Taint mode] is strongly suggested for server programs and any program run on behalf of someone else, such as a CGI script. Once taint mode is on, it's on for the remainder of your script.

Related questions

What is the significance of -T or -w in #!/usr/bin/perl?

I googled about #!/usr/bin/perl, but I could not find any satisfactory answer. I know it’s a pretty basic thing, but still, could explain me what is the significance of #!/usr/bin/perl in Perl? Moreover, what does …

Read More
Installing perl/cpan from source on Centos 6 64-bit

I'm trying to install perl from source into a local directory on CentOS 6. I'm having issues installing certain packages with cpan. I solved a bunch of problems by installing some dev rpm's, I solved more problems by telling perl CentOS …

Read More
Find size of an array in Perl

I seem to have come across several different ways to find the size of an array. What is the difference between these three methods? my @arr = (2); print scalar @arr; # First way to print array size print $#arr; # Second way to …

Read More