% perldoc perlsec
-- is what you are looking for. it's all there...
> With regard to yesterday's "Cryptic errors -simple Apache::Registry
> script ??? (newbie)" post, I have discovered some more information. Not
> that it clarifies my understanding of the error much.
>
> By hacking (process of elimination) I have discovered that when I turn
> off taint checking in my httpsd.conf the script (helloworld.pl) runs and
> produces no errors. On 634 of the eagle book, it says that
> PerlTaintCheck will activate taint checks on ... user provided data ...
> dangerous functions such as exec(), eval(), and system(). This seems
> like a wise precaution.
>
> I don't see where the user name is getting execed, evaled, or supplied
> to a system call. Can anyone explain this to my pea brain?
>
> Also, What would I have to do with the parameter value to make mod_perl
> think I had "untainted" the value?
>
> John Walker
> _________________________
> Special Projects Manager, JSW4.NET
> [EMAIL PROTECTED]
> http://www.jsw4.net/
>
_______________________________________________________________________
Stas Bekman mailto:[EMAIL PROTECTED] http://www.stason.org/stas
Perl,CGI,Apache,Linux,Web,Java,PC http://www.stason.org/stas/TULARC
perl.apache.org modperl.sourcegarden.org perlmonth.com perl.org
single o-> + single o-+ = singlesheaven http://www.singlesheaven.com