The views expressed in articles on this site are those of their authors.

Copyright 1998-2024, Southern California OS/2 User Group. ALL RIGHTS RESERVED.

SCOUG, Warp Expo West, and Warpfest are trademarks of the Southern California OS/2 User Group. OS/2, Workplace Shell, and IBM are registered trademarks of International Business Machines Corporation. All other trademarks remain the property of their respective owners.

The Southern California OS/2 User Group
USA

SCOUG-Programming Mailing List Archives

Return to [ 27 | January | 2001 ]


Date: Sat, 27 Jan 2001 01:09:38 PST
From: <leganii@surfree.com>
Reply-To: scoug-programming@scoug.com
To: scoug-programming@scoug.com
Subject: SCOUG-Programming: Taint checking note

Content Type: text/plain

I checked through the Warp Tech CD slides for
Dr. Rony Flatscher's lectures, and saw
some info on a 'security manager' for Object Rexx, but nothing
that fit Taint checking exactly.
My memory must be getting too imaginative.

Anyway, from 'Perl and CGI For The World Wide Web',
Elizabeth Castro, p. 238 (~$12.00 a few weeks back at Frys):

(in Appendix C Security, p. 235)
'Avoiding tainted data'

(add -T to the interpreter invocation).......
If you use unverified outside data to modify a file,
directory, or process, you'll get an error message.
...to verify or untaint it..run it through a search pattern
and then assign the matched part to a scalar variable.
...
It's your responsibility to ensure that your regular expression
does a good job of ensuring that the data is what it should be.
......

--End of paraphrase--

The point is really not switches or regular expressions, or Perl etc.
but checking the data from a possibly hostile user for any
tricky attempts to sidetrack the script.

Regards,
Dallas E. Legan II / leganii@surfree.com / dallasii@kincyb.com
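
The -T behaviour paraphrased in the message above, as an added example that is not part of the original post or of the book it cites. The function name `untaint_filename`, its allowlist pattern and the sample inputs are assumptions made for illustration; appending a zero-length piece of `$^X` is used only to mark the constructed samples as tainted, the way real CGI input would be.

```perl
#!/usr/bin/perl -T
# Added example: taint mode plus allowlist untainting (names are hypothetical).
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run this with: perl -T\n" unless ${^TAINT};

# $^X (path of the perl binary) is tainted under -T, so a zero-length
# substring of it taints whatever it is appended to.
my $TAINT = substr($^X, 0, 0);

# Untaint by capturing from an anchored allowlist pattern.
# Returns undef when the value does not look like a plain file name.
sub untaint_filename {
    my ($raw) = @_;
    return unless defined $raw;
    # First character may not be '.' or '-'; no slashes or shell
    # metacharacters; \z (not $) so a trailing newline is rejected.
    return $raw =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Constructed sample inputs, standing in for form fields.
my @samples = ("report.txt", "../other/report.txt", "report.txt\n", "a.txt|b");

for my $sample (@samples) {
    my $input = $sample . $TAINT;            # now tainted
    (my $shown = $sample) =~ s/\n/\\n/g;     # printable form for the report

    # Perl refuses to open a file for writing under a tainted name;
    # the die happens before the filesystem is touched.
    my $opened  = eval { open(my $fh, '>>', $input) or die "open: $!\n"; 1 };
    my $refused = !$opened && $@ =~ /^Insecure dependency/;

    my $clean = untaint_filename($input);
    printf "%-22s raw %s by -T; after pattern: %s\n",
        "'$shown'",
        $refused ? "refused" : "NOT refused",
        defined $clean
            ? "'$clean' (tainted: " . (tainted($clean) ? "yes" : "no") . ")"
            : "rejected";
}
```

Run it with `perl -T` on the command line. The pattern, not the switch, decides what gets through: a capture from `/(.*)/` would untaint every one of these values.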





The Southern California OS/2 User Group
P.O. Box 26904
Santa Ana, CA 92799-6904, USA

Copyright 2001 the Southern California OS/2 User Group. ALL RIGHTS RESERVED.
