
Re: CERT Perl Secure Coding Standard

Alexander Hartmaier
December 10, 2012 14:08
On Sat, Dec 8, 2012 at 9:19 AM, David Nicol <> wrote:

> On Fri, Dec 7, 2012 at 8:41 AM, demerphq <> wrote:
> > Anybody seen this?
> >
> >
> I'd like to take this opportunity to promote Tie::Function as an
> elegant way to prevent all sorts of quoting injections. Url-encoding,
> HTML Entitization, SQL quoting, and SQL identifier quoting can all
> have their own hashes tied to Tie::Function, and then auditing against
> injection attacks becomes very straightforward, and no data need be
> quoted prior to use.

I wonder why the author has the impression "While the Perl community is
interested in improving the language, the focus on security has
historically tended to take a back seat to other priorities, such as new
features and improved performance."?
Looking at the taint mode and hash algorithm discussions I'd say that p5p
is very concerned about keeping security related features alive and fixing
security related bugs asap.
Can someone try to contact the author to discuss his opinion before it
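
The tied-hash quoting approach described in the quoted message, as an added example that is not part of the original thread or of Tie::Function itself. It assumes a small core-only stand-in class (the hypothetical `FuncHash`) in place of the CPAN module, hand-written quoting functions, and constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for Tie::Function so the example runs with core
# Perl only: every hash lookup calls the wrapped function on the key.
{
    package FuncHash;
    sub TIEHASH { my ($class, $code) = @_; return bless { code => $code }, $class }
    sub FETCH   { my ($self, $key)   = @_; return $self->{code}->($key) }
}

my %ENT = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
           '"' => '&quot;', "'" => '&#39;');

# One quoting function per output context.
sub html_entitize { my $s = shift; $s =~ s/([&<>"'])/$ENT{$1}/g; return $s }

# Assumes byte strings; encode to UTF-8 first if the data is decoded text.
sub url_encode {
    my $s = shift;
    $s =~ s/([^A-Za-z0-9\-._~])/sprintf '%%%02X', ord $1/ge;
    return $s;
}

# With DBI, wrap $dbh->quote and $dbh->quote_identifier here instead of
# these hand-written versions (or use placeholders for values).
sub sql_quote { my $s = shift; $s =~ s/'/''/g; return "'$s'" }
sub sql_ident { my $s = shift; $s =~ s/"/""/g; return qq{"$s"} }

tie my %HTML,  'FuncHash', \&html_entitize;
tie my %URL,   'FuncHash', \&url_encode;
tie my %SQLQ,  'FuncHash', \&sql_quote;
tie my %SQLID, 'FuncHash', \&sql_ident;

# Constructed sample input containing characters special in each context.
my $name   = q{O'Brien <b>&co</b>};
my $column = q{na"me};

# Raw data is never quoted ahead of time; it is quoted at the point of
# use, so an audit only has to look for interpolations that bypass the
# tied hash for their context.
print "<p>Hello, $HTML{$name}</p>\n";
print qq{<a href="/search?q=$URL{$name}">search</a>\n};
print "SELECT $SQLID{$column} FROM users WHERE name = $SQLQ{$name}\n";
```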
