I ran into this recently as I wanted to write taint-safe code in a module
for inclusion into a larger project.  For some reason, I was shocked that
while I can type 'use warnings' and 'use strict', taint-checking is not so
easily invoked.

Jarkko wrote: "My personal fear is that any way to circumvent taint will be
abused by people who can't be bothered to write secure code."  

While that may be true, what about those of us who want to write secure code
(hopefully providing a good example) in an otherwise insecure project
environment?  I want the ability to hold myself to stricter standards than I
can enforce on others.  Nothing stops me from simply checking data with or
without taint mode, but the maintenance programmer following behind me...

Russ
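As an added illustration of the situation described in the message above (this is example code, not part of Russ's post or of any particular project), the Perl script below shows why taint-checking cannot simply be switched on from inside a module: `${^TAINT}` reports whether the interpreter was started with `-T`, and only then do `Scalar::Util::tainted` and the untainting regex capture have any teeth. The function `untaint_filename` and its allowed character set are assumptions made for this example; run the script with and without `perl -T` to see the difference.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Untaint a filename by capturing only the characters we allow.
# This is the module-side discipline Russ describes: the check is
# written the same way whether or not the caller enabled -T, but
# Perl only *enforces* it (refusing to open, exec, etc. with tainted
# data) when the whole program runs under -T.
sub untaint_filename {
    my ($raw) = @_;
    # Only a regex capture untaints; a bare boolean match does not.
    if ($raw =~ m{\A([A-Za-z0-9_.-]+)\z}) {
        return $1;    # $1 is untainted
    }
    die "refused unsafe filename: $raw\n";
}

# ${^TAINT} is 1 under -T, -1 under -t, and 0 when taint mode is off.
printf "taint mode: %s\n", ${^TAINT} ? 'on' : 'off';

# Command-line arguments are tainted under -T; the fallback literal is not.
my $input = defined $ARGV[0] ? $ARGV[0] : 'report.txt';
printf "input tainted before check: %d\n", tainted($input) ? 1 : 0;

my $clean = untaint_filename($input);
printf "input tainted after check:  %d\n", tainted($clean) ? 1 : 0;

# Opening a file with tainted data dies under -T; with $clean it succeeds
# (or fails only for ordinary filesystem reasons).
if (open my $fh, '<', $clean) {
    print "opened $clean\n";
    close $fh;
}
else {
    print "could not open $clean: $!\n";
}
```

Without `-T`, `${^TAINT}` is 0, `tainted()` always returns false, and the regex check still runs but nothing in the interpreter would have stopped a later maintainer from skipping it; with `-T`, passing the raw argument straight to `open` would die with "Insecure dependency". That asymmetry is the gap the message is pointing at: a module can practise taint discipline, but cannot impose it on the program that loads it.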