> Insecure, dependant and tainted:(

Heh. Perl can be a bit brutal at times...


>     if ( open( FD, "<$Globals::DATA/$site/$Globals::REFTALLY" )) {

>    #**************Error occurs here (on open)***************
>     if ( open( FD, ">$Globals::DATA/$site/$Globals::REFTALLY" )) {

> Insecure dependency in  open while running with -T switch at

perl is being run with the -T switch. This means you are running in
"taint mode". Taint mode means data that you get from outside
your program is untrusted and untrusted data is marked -- "tainted".
You cannot send tainted data, directly or indirectly, back outside
your program. Any data whose value might be affected by tainted
data is itself tainted.

Solutions:

1. Turn taint checking off. (And your code becomes insecure to the
extent that outside data should not be trusted and your use of that
data is open to abuse.)

2. Turn tainting off for the FD filehandle. (And your code becomes
insecure to the extent that data from that file should not be trusted
and your use of that data is open to abuse.) See FileHandle.pm.

3. Process the data to verify it is ok, then untaint it bit by bit as
appropriate. (And your code is insecure to the extent that you
screw up.)

See

    perldoc perlsec

hth
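
Solution 3 as an added example (not code from this thread): it assumes `$site` is the value that arrives from outside, here via `@ARGV`, and uses constructed stand-ins for `$Globals::DATA` and `$Globals::REFTALLY`. The value is checked against an allowlist and the regex capture is used afterwards, since a capture from a successful match is how Perl hands back untainted data.

```perl
# Run as: perl -T untaint_site.pl example.com
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-ins for the poster's $Globals::DATA and $Globals::REFTALLY.
my $DATA     = '/tmp/taint-demo';
my $REFTALLY = 'reftally.txt';

# Validate an outside value as a single directory name and return an
# untainted copy, or undef if it does not match. (Hypothetical helper.)
sub untaint_site {
    my ($raw) = @_;
    return unless defined $raw;
    # Allowlist: letters, digits, '.', '_', '-', starting with a letter or
    # digit. This rejects "..", ".hidden" and anything containing "/" or NUL.
    return unless $raw =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,62})\z/;
    return $1;    # the capture is untainted; $raw itself stays tainted
}

# Everything in @ARGV is tainted under -T.
my $site = untaint_site($ARGV[0]);
die "rejected site name\n" unless defined $site;

printf "raw tainted: %d, validated tainted: %d\n",
    tainted($ARGV[0]) ? 1 : 0, tainted($site) ? 1 : 0;

my $dir = "$DATA/$site";
for my $d ($DATA, $dir) {
    next if -d $d;
    mkdir($d, 0700) or die "mkdir $d: $!\n";
}

# Opening for write with a tainted name is what raises "Insecure dependency
# in open"; opening read-only is not checked, which is why only the second
# open in the quoted code fails. With the validated $site this succeeds.
open(my $fh, '>', "$dir/$REFTALLY") or die "open $dir/$REFTALLY: $!\n";
print {$fh} "0\n";
close($fh) or die "close: $!\n";
print "wrote $dir/$REFTALLY\n";
```

Passing `../etc` or `a/b` as the argument stops at "rejected site name" before any path is built.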

