James S. Huggins (Ringlink List) wrote:
This is a quote from the Perl 'bible':
<quote>
On the more security-conscious sites, running all CGI scripts under the
-T flag isn't just a good idea: it's the law. We're not claiming that
running in taint mode is sufficient to make your script secure. It's
not, and it would take a whole book just to mention everything that
would. But if you aren't executing your CGI scripts under taint mode,
you've needlessly abandoned the strongest protection Perl can give you.
</quote>
===================================
Can you provide a URL?
(or is that a book?)
It's a book:
Programming Perl, 3rd edition, p. 559
An applicable URL: http://www.perldoc.com/perl5.8.4/pod/perlsec.html
(see the beginning of the "DESCRIPTION" section)
I'm preparing for a response from MY host and want to be able to cite a
source.
Cool. I'm very interested in a possible explanation.
/ Gunnar
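
What the quoted passage means in practice, as an added example (not code from this thread, from Programming Perl, or from perlsec): under `-T` Perl refuses to use request data in a file-modifying call until it has been extracted through a regex capture. The script name, the `file` parameter, the allow-list pattern and the sample values are assumptions made up for the illustration.

```perl
#!/usr/bin/perl -T
# Added example. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Under -T every value in %ENV is tainted. A zero-length substr keeps that
# flag, so appending it makes the constructed samples behave like CGI input.
my $taint = substr($ENV{PATH} // '', 0, 0);
die "PATH must be set to build tainted samples\n" unless tainted($taint);

# Constructed samples standing in for a hypothetical "file" form parameter.
my @samples = map { $_ . $taint }
    ('report_2004.txt', '../notes.txt', 'a.txt; id');

# The only way to untaint a value is to capture it from a regex match.
# Allow-list: letters, digits and underscore, ending in ".txt".
sub untaint_filename {
    my ($value) = @_;
    return $value =~ /\A([A-Za-z0-9_]+\.txt)\z/ ? $1 : undef;
}

for my $raw (@samples) {
    # 1. Raw input in a call that modifies files: Perl dies before doing
    #    anything. (The directory does not exist, so nothing could be
    #    created even without -T.)
    my $opened = eval { open(my $fh, '>>', "/nonexistent-dir/$raw"); 1 };
    my ($why) = ($@ // '') =~ /^(Insecure dependency in \w+)/;
    printf "%-16s tainted=%d  raw open: %s\n",
        "'$raw'", tainted($raw) ? 1 : 0,
        $opened ? 'allowed' : ($why // 'failed');

    # 2. Validated input: the captured copy is untainted and may be used.
    my $clean = untaint_filename($raw);
    if (defined $clean) {
        printf "    accepted as '%s' (tainted=%d)\n",
            $clean, tainted($clean) ? 1 : 0;
    }
    else {
        print "    rejected by the allow-list\n";
    }
}
```

Taint mode only enforces that a capture happened; a permissive pattern such as `/(.*)/` would untaint all three samples, which is why the quoted passage says `-T` is not sufficient on its own.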