FAQ
G'day...
Comments from others would be appreciated. Michael, what's
your thinking behind using CGI::Untaint?

OK... My thoughts are this - <flamesuit on :)>checking out the module
before casting judgement on it is a good thing(tm)</flamesuit off> :)

The module leaves validation up to the end user/programmer... It is
simply a module of convenience. It does not blindly untaint all data,
you must request each form element to be untainted as you go. I view the
CGI::Untaint module as simply a tool in the process of validating data,
and using it in a taint-safe fashion. (For example, I'll use
CGI::Untaint to grab an email address, and ensure it is valid with
Email::Valid.) CGI::Untaint does have its limitations, it cannot handle
multiple selections made in a select box, for example.

I also feel that writing a module that would validate (and if necessary
untaint) data from a form would be either near impossible /or/ require
well defined usage rules and user configuration. After all, validation is
dependent on the context of the data being gathered. (And again, a
number of modules already exist for this purpose.)

I've found CGI::Untaint a useful tool, not a perfect one-size-fits-all
one.

All the best...

Regards,


Michael S. E. Kraus
Software Developer
Wild Technology Pty Ltd
_______________________________
ABN 98 091 470 692
Level 4 Tiara, 306/9 Crystal Street, Waterloo NSW 2017, Australia
Telephone 1300-13-9453 | Facsimile 1300-88-9453
http://www.wildtechnology.net

The information contained in this email message and any attachments may
be confidential information and may also be the subject of client legal
- legal professional privilege. If you are not the intended recipient,
any use, interference with, disclosure or copying of this material is
unauthorised and prohibited. This email and any attachments are also
subject to copyright. No part of them may be reproduced, adapted or
transmitted without the written permission of the copyright owner. If
you have received this email in error, please immediately advise the
sender by return email and delete the message from your system.
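As an added illustration of the pattern Michael describes (not code from the thread, from CGI::Untaint, or from Wild Technology), here is a taint-mode CGI script that asks CGI::Untaint for two named fields one at a time and then hands the email address to Email::Valid for the actual validation. The field names `email` and `quantity` are assumed for the example; the module calls used (`CGI::Untaint->new`, `extract` with `-as_printable` and `-as_integer`, `error`) are those documented by CGI::Untaint.

```perl
#!/usr/bin/perl -T
# Added example (not from the thread): taint-mode CGI script that uses
# CGI::Untaint to pull out individual form fields and then validates them
# with context-specific checks. Field names 'email' and 'quantity' are
# assumed for illustration.
use strict;
use warnings;
use CGI;
use CGI::Untaint;
use Email::Valid;

$ENV{PATH} = '/bin:/usr/bin';    # taint mode requires a sanitised PATH

my $q       = CGI->new;
my $handler = CGI::Untaint->new( $q->Vars );

# Each field has to be requested explicitly; nothing is untainted wholesale.
# -as_printable only untaints a value made of printable characters; it says
# nothing about whether the string is actually an email address.
my $raw_email = $handler->extract( -as_printable => 'email' );
my $email;
if ( defined $raw_email ) {
    # Validation proper is left to a module that understands the context:
    # Email::Valid->address returns the address if it is well formed, else undef.
    $email = Email::Valid->address($raw_email);
}

# -as_integer returns an untainted integer, or undef if the value is not one.
my $quantity = $handler->extract( -as_integer => 'quantity' );

print $q->header('text/plain');
if ( defined $email && defined $quantity ) {
    print "ok: $email x $quantity\n";
}
else {
    # $handler->error explains why the last extract failed (missing/invalid);
    # if extract succeeded but Email::Valid rejected the value, say so instead.
    my $why = $handler->error || 'email did not pass Email::Valid';
    print "rejected: $why\n";
}
```

Note that `$q->Vars` flattens multi-valued parameters (several selections in one select box) into a single string, which is the limitation Michael mentions; those fields still need to be read with `$q->param` in list context and checked item by item.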


  • Gunnar Hjalmarsson at Dec 2, 2004 at 1:22 am

    Michael Kraus wrote:
    > OK... My thoughts are this - <flamesuit on :)>checking out the module
    > before casting judgement on it is a good thing(tm)</flamesuit off>
    > :)

    Sure, but I hope I included enough disclaimers... ;-)

    > The module leaves validation up to the end user/programmer... It is
    > simply a module of convenience. It does not blindly untaint all data,
    > you must request each form element to be untainted as you go.

    Do you mean that you can access the parameters the usual way, even if
    you are using CGI::Untaint? Then I did misunderstand. Sorry.

    > I view the CGI::Untaint module as simply a tool in the process of
    > validating data, and using it in a taint-safe fashion.

    Thanks for clarifying. (And for the initial tip.)

    --
    Gunnar Hjalmarsson
    Email: http://www.gunnar.cc/cgi-bin/contact.pl

Discussion Overview
group: beginners @ perl.org
posted: Dec 2, '04 at 12:01a
active: Dec 2, '04 at 1:22a
posts: 2
users: 2
