Tamas TEVESZ <ice@extreme.hu> wrote:
>
> DOCUMENT_ROOT is set by the server, so it's just unnecessary
> overhead. You can of course do that, but if you don't trust your
> webserver, why are you running it in the first place ? :>

If you don't have taint mode on when coding Perl scripts that must run in
hostile environments (e.g. CGIs), you're an idiot, and you're going to have
problems sooner or later.

If you *do* have taint mode on, then you need to untaint everything you want
to use, including environment variables that you would normally trust
anyway.

-- 
Sam Couter | Internet Engineer | http://www.topic.com.au/
sam@topic.com.au | tSA Consulting |
OpenPGP key ID: DE89C75C, available on key servers
OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
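The untainting step described in the reply above, as an added example that is not part of the original message: a script run under `-T` that has to validate DOCUMENT_ROOT before Perl will let it reach an external command. The `untaint_path` and `try_listing` helpers, the allowlist pattern, the `/bin/ls` call and the sample value in the run line are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
# Added example: untainting a server-set environment variable under taint mode.
# Run as: DOCUMENT_ROOT=/var/www/html perl -T untaint_demo.pl  (constructed value)
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Taint mode refuses to run external programs until the environment is safe.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: accept only an absolute path built from an allowlisted
# character set with no ".." component. The regex capture ($1) is what Perl
# treats as untainted; returns undef when the value does not qualify.
sub untaint_path {
    my ($value) = @_;
    return unless defined $value;
    return if $value =~ m{(?:\A|/)\.\.(?:/|\z)};
    return $value =~ m{\A(/[A-Za-z0-9._/-]+)\z} ? $1 : undef;
}

# Attempt an external command and report whether taint checking allowed it.
sub try_listing {
    my ($label, $path) = @_;
    my $ran = eval { system('/bin/ls', '-ld', '--', $path); 1 };
    printf "%-9s tainted=%-3s %s", $label, tainted($path) ? 'yes' : 'no',
        $ran ? "command ran\n" : "blocked: $@";
    return $ran;
}

my $raw = $ENV{DOCUMENT_ROOT};
die "DOCUMENT_ROOT is not set\n" unless defined $raw;

# The raw value came from %ENV, so system() dies inside the eval.
try_listing('raw', $raw);

my $docroot = untaint_path($raw);
die "DOCUMENT_ROOT is not in the expected form\n" unless defined $docroot;

# Only the validated capture is allowed through to the command.
try_listing('checked', $docroot);
```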