On Tue, Jun 24, 2008 at 5:08 AM, Paul Fenwick <[EMAIL PROTECTED]> wrote: > As the user of a module, it's possible for me to pass in tainted data. The > module doesn't know from where it's been sourced. However, unless the > *intent* of the module is to untaint this data, anything derived from that > data should probably remain tainted. Likewise, unless it's the purpose of > the module is untaint incoming data, anything the module reads from an > external source should probably also remain tainted.
I think I disagree with this. (Though perhaps could be argued out of it.) It seems to me that data should be validated at the time it is collected and untainted once validated. I don't see why some subroutine N levels down the call stack in some utility module should be expected to preserve taint on data you didn't check when you received it. -- David