Taint
Learn about taint, the sticky piece of metadata that comes from outside our programs.
Some Perl features can help us write secure programs. These tools are no substitute for careful thought and planning, but they reward caution and understanding and can help us avoid subtle mistakes.
Taint mode (or taint) is a sticky piece of metadata attached to all data that comes from outside our program. Any data derived from tainted data is also tainted. We may use tainted data within our program, but if we use it to affect the outside world—if we use it insecurely—Perl will throw a fatal exception.
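The following is an added example, not code from the original lesson. It shows taint sticking to a derived value, the fatal exception when that value is used to create a file, and untainting through a validated regex capture. The script name taint_demo.pl, the sample file name and the allowlist pattern are assumptions; run it as perl -T taint_demo.pl [name].

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use File::Spec;
use Scalar::Util qw(tainted);

# Outside input: the first argument if given, otherwise a constructed sample.
# $^X is tainted under -T, so appending an empty slice of it taints the
# sample name the same way command-line data is tainted.
my $name = @ARGV ? $ARGV[0] : 'report-2024.txt' . substr($^X, 0, 0);

# Taint is sticky: a path built from a tainted name is tainted too.
my $path = File::Spec->catfile(File::Spec->tmpdir, "taint-demo-$name");
printf "name tainted: %s, derived path tainted: %s\n",
    (tainted($name) ? 'yes' : 'no'), (tainted($path) ? 'yes' : 'no');

# Try to affect the outside world by creating (then removing) a file.
# Returns 'ok' or the text of the exception Perl raised.
sub try_create {
    my ($file) = @_;
    my $ok = eval {
        open(my $fh, '>', $file) or die "open failed: $!\n";
        close $fh;
        unlink $file;
        1;
    };
    return $ok ? 'ok' : $@;
}

# Untaint by matching against a strict allowlist and keeping the capture.
# Perl treats captured groups from a successful match as clean, so the
# pattern must accept only what is safe (here: no slashes, no leading dot).
my ($clean) = $name =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,63})\z/
    or die "rejected file name\n";
my $clean_path = File::Spec->catfile(File::Spec->tmpdir, "taint-demo-$clean");

for my $case (['raw', $path], ['validated', $clean_path]) {
    my ($label, $file) = @$case;
    my $result = try_create($file);
    chomp $result;
    print "$label path: $result\n";
}
```

The raw path fails with an "Insecure dependency in open" exception, while the validated path is accepted. A pattern such as (.*) would also untaint the data, which is why the capture has to be a real validation and not a formality.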
Using taint mode
perldoc perlsec explains taint mode in copious detail.
Launch your program with the -T command-line argument to enable taint mode. If we use this argument on the #! line of a program, we must run the program directly. If we run it as perl mytaintedappl.pl and neglect the ...