Is Perl's taint mode useful?

Question

perl -T

Do you use it? Does it help you find security holes in your Perl scripts?

Recommended answer

More than that :) it stops your security issues before they become one. It is not a security silver bullet of course... we used to use it (a few years back when I was involved in Perl projects) in any script that was exposed externally (i.e. any mod_perl app) and we found it very useful and made it our policy. It does a few checks and it is handy... (anything that makes things automated)

Perl security - perlsec strongly recommends it:

This flag [Taint mode] is strongly suggested for server programs and any program run on behalf of someone else, such as a CGI script. Once taint mode is on, it's on for the remainder of your script.
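
What those checks look like in practice, as an added example that is not part of the original answer: constructed input is marked tainted, a file write that uses it is refused under `perl -T`, and only an allowlist regex capture clears the taint. The names `untaint_name`, `write_report` and the `taint_demo_out` directory are hypothetical.

```perl
#!/usr/bin/perl -T
# Added example (not from the original thread). Run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "taint mode is off; run with perl -T\n" unless ${^TAINT};
# Constructed stand-ins for untrusted input such as a CGI parameter.
# Appending a zero-length slice of $^X (tainted under -T) taints each string.
my $taint  = substr($^X, 0, 0);
my @inputs = map { $_ . $taint } ('report_2024.txt', '../../etc/cron.d/job');

my $dir = 'taint_demo_out';    # literal in the program, so not tainted
-d $dir or mkdir $dir or die "mkdir $dir: $!\n";

# Hypothetical helper: strict allowlist; only the captured text is untainted.
# A catch-all pattern such as /(.*)/ would untaint without validating anything.
sub untaint_name {
    my ($name) = @_;
    my ($clean) = $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return $clean;             # undef when validation fails
}

# Hypothetical sink: writing to a path built from tainted data dies under -T.
sub write_report {
    my ($name) = @_;
    open(my $fh, '>', "$dir/$name") or die "open: $!\n";
    print {$fh} "ok\n";
    close($fh) or die "close: $!\n";
}

for my $raw (@inputs) {
    printf "%s (tainted=%d)\n", $raw, tainted($raw) ? 1 : 0;
    # 1. Raw input: perl aborts the open before the path is ever used.
    my $err = eval { write_report($raw); 1 } ? 'written' : $@;
    chomp $err;
    print "  raw input: $err\n";
    # 2. Validated input: the write is allowed only after the allowlist match.
    my $clean = untaint_name($raw);
    if (defined $clean) {
        write_report($clean);
        unlink "$dir/$clean";
        print "  validated: written as $dir/$clean\n";
    } else {
        print "  validated: rejected by allowlist\n";
    }
}
rmdir $dir;
```

Even the harmless-looking file name is refused until it has passed through the regex capture, which is the point of the mode: validation has to happen before the data can reach anything outside the program.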
