(-T) Taint Checking

• Problem:

  • User input cannot be trusted
  • ...a leading cause of web site attacks

• Perl's Solution:

  • All user input is marked "tainted"
  • Data touched by tainted data is itself tainted
  • Tainted data not allowed to be used in unsafe manner
  • Data can be explicitly checked and cleaned