On 2001.12.29 22:43 Michael G Schwern wrote: > So would it be a good idea to make $obj->$tainted(@args) a taint > violation along with $tainted->(@args) and basically any other use of > a tainted variable as a symbolic reference? Seems Ripe For Evil.
>From perlsec, the point of tainting is : You may not use data derived from outside your program to affect something else outside your program. And : Tainted data may not be used directly or indirectly in any command that invokes a sub-shell, nor in any command that modifies files, directories, or processes. Your suggestion would be the first introduction of taint checking in some area that don't involve the outside environment of the program. (note that I'm not voting against your proposal : this is only a comment.)