[Israel.pm] What is -T ?
gaal at forum2.org
Mon Jun 6 06:26:25 PDT 2005
On Mon, Jun 06, 2005 at 04:02:23PM +0300, Yaron Golan wrote:
> It might be related to the new version of Komodo I installed, but still.
Not directly related, no.
> The option of online compilation marks one of the modules I use as:
> Insecure dependency in require while running with -T switch at
> <myscript.pl> line 12.
> 1. What is -T?
> 2. Why when I run perl -wc myscript.pl it is OK?
> 3. What is the cause and how do I solve it?
"Taint mode" is a mechanism to run perl in a mode that doesn't trust
any data coming from external sources (eg., read from filehandles, the
environment, etc.). The idea that to use such data, you must manually
pass it through an "untainting" function (that you write). Operations
that expect untainted data but which are handed user data unprocessed
will fail loudly with the error you saw. This is a security mechanism;
it forces you to at least give some thought about dangerous user input,
and helps fing places where you may have neglected to treat it.
Read perlsec for more details.
Gaal Yahas <gaal at forum2.org>
More information about the Perl