[VPM] alternative to perl's Open?

Malcolm Dew-Jones yf110 at victoria.tc.ca
Tue Sep 7 14:27:37 CDT 2004


On Tue, 7 Sep 2004, Peter Scott wrote:


> Taint checking helps but I am rapidly becoming of the opinion that it is
> not the panacea it is generally made out to be.

Yes, it is important to realize that taint mode does not make a program
safe.

It simply identifies many possible weaknesses.  It is particularly useful
because it can identify weaknesses that the programmer may not otherwise
recognize.

However, it is still up to the skill of the programmer to understand the
true implications of the identified weaknesses, and provide correct (and
bug-free) solutions.

Interestingly, JavaScript at one point also included a taint mode, which
was dropped because it was considered a security "dead end" after some
amount of experience with its use.  (According to the O'Reilly guide to
JavaScript.)

$0.02
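
Added example, not part of the original message and not the poster's code: a sketch of why clearing a taint flag is not the same as validating, using a file name as the input. The function names, the allowlist pattern and the sample inputs are assumptions made for illustration; run it with `perl -T`.

```perl
# Added illustration. Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

warn "taint mode is off; run with perl -T to see the taint flags\n"
    unless ${^TAINT};

# Laundering pattern: the capture clears the taint flag, but the regex
# matches any string at all, so nothing has actually been validated.
sub untaint_loose {
    my ($value) = @_;
    my ($clean) = $value =~ /\A(.*)\z/s;
    return $clean;
}

# Allowlist pattern (an assumption about what a safe name looks like here):
# a bare file name, no leading dot, no path separators, at most 64 chars.
sub untaint_strict {
    my ($value) = @_;
    my ($clean) = $value =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return $clean;    # undef when the value is rejected
}

# Zero-length tainted string: appending it marks a literal as tainted under
# -T without changing its content (same trick Test::Taint uses).
my $taint = substr("$0$^X", 0, 0);

# Constructed sample inputs standing in for a user-supplied file name.
my @samples = ('report.txt', '../report.txt', 'report.txt; ls');

for my $name (map { $_ . $taint } @samples) {
    my $loose  = untaint_loose($name);
    my $strict = untaint_strict($name);
    printf "%-18s tainted_in=%d loose=%s(tainted=%d) strict=%s\n",
        "'$name'",
        tainted($name) ? 1 : 0,
        defined $loose ? 'accepted' : 'rejected',
        tainted($loose) ? 1 : 0,
        defined $strict ? 'accepted' : 'rejected';
}
```

Both functions hand back a value that taint mode will accept; only the second one rejects the inputs that are not plain file names, which is the part taint mode leaves to the programmer.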

