Script Security with Taint Checking

Say you wrote a Perl script that was intended to be run by someone you don't know and don't necessarily trust—for example, if you're administering a multiuser Unix machine, or if your script will be used for CGI. Because you don't know the person running that script, that person could theoretically have hostile intentions and attempt to use your script to gain unauthorized access to your system or damage it in some way.

So what can you do to prevent a malicious user from doing any damage through your script? Careful programming can help with that—checking to make sure input doesn't include any sneaky things before passing it to a system function call or backquotes, for example. But sometimes it's hard to keep ...
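The check described above, combined with Perl's taint mode (`-T`), as an added example that is not from the book. The `untaint_name` helper, its allow-list pattern, and the two sample inputs are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T taint_demo.pl [name ...]   (-T must be given on the command line too)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length but tainted string (environment values are tainted under -T).
# It is used to taint the constructed samples below the way real input would be.
my $taint = substr(join('', values %ENV), 0, 0);

# Taint mode refuses to run external commands with an untrusted environment.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed sample input: one plain name, one carrying shell metacharacters.
my @inputs = @ARGV ? @ARGV : map { $_ . $taint } ('alice', 'alice; echo injected');

# Hypothetical helper: return an untainted copy only if the whole value
# matches a strict allow-list; a regex capture is how Perl untaints data.
sub untaint_name {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z][A-Za-z0-9_-]{0,31})\z/ ? $1 : undef;
}

for my $raw (@inputs) {
    printf "input %-24s tainted=%s\n", "'$raw'", tainted($raw) ? 'yes' : 'no';

    # Passing the raw value to an external command is stopped by Perl itself.
    my $ok = eval { system('echo', 'hello', $raw); 1 };
    print "  raw value blocked: $@" unless $ok;

    my $name = untaint_name($raw);
    if (defined $name) {
        # List-form system() bypasses the shell, so metacharacters are never parsed.
        system('echo', 'hello', $name) == 0 or warn "  echo failed: $?\n";
    } else {
        print "  rejected: does not match the allow-list\n";
    }
}
```

Taint mode only tracks where data came from; the allow-list pattern is what decides whether a value is safe, so a permissive pattern such as `/(.*)/` untaints everything and defeats the check.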
