> > -----Original Message----- > > From: Larry Levin [mailto:[EMAIL PROTECTED] > > Sent: Thursday, May 27, 2004 4:59 PM > > To: [EMAIL PROTECTED] > > Subject: can CGI Servlet handle Perl taint checking? > > > > Hi; > > > > I am trying to get Bugzilla to work with Tomcat and have run into a > > problem. The latest stable release of Bugzilla (2.16) has > implemented > > "taint checking" in all of the CGI perl scripts as a security > > feature. > > When I attempt to access Bugzilla via Tomcat, I get a message > > in the log > > file from the CGI servlet that its too late to turn on the > > "-T" option. > > > > The problem as I understand it, is that the perl executable must be > > started up with taint checking enabled if the scripts are going to > > invoke it. Is there any way I can set an option in Tomcat > to have the > > CGI servlet properly handle this aspect of perl? Not explicitly but try setting the "executable" parameter to "perl -T" rather than "perl". No idea if this will work.
> > Does it matter whether > > I run Tomcat 4.1 or 5.0 ? TC4 and TC5 use exactly the same GCI servlet so it doesn't matter which one you use. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
