[VPM] alternative to perl's Open?

Malcolm Dew-Jones yf110 at victoria.tc.ca
Tue Sep 7 15:30:39 CDT 2004


On Tue, 7 Sep 2004, Malcolm Dew-Jones wrote:

>
> Interestingly, JavaScript at one point also included a taint mode, which
> was dropped because it was considered a security "dead end" after some
> amount of experience with its use.  (According to the O'Reilly guide to
> JavaScript.)

Of course as soon as I thought about this I realized it is irrelevant.

Security in JavaScript is a problem because the person running a browser
cannot trust the JavaScript code that was sent to them.  Having that code
taint check its input is pretty much irrelevant at that stage.

In Perl (prototypically, and in this case), the code (the CGI script) is
trustworthy (give or take bugs), and asking basically trusted code to
check its input is entirely relevant.


