Perl's taint checking to the rescue

Category: Perl 5 Development

Comments (1)


"With Perl's taint mode, and DBI's TaintIn attribute enabled, SQL injection attacks can't happen."

This isn't true. Taint checking does not prevent this. It simply doesn't allow it with tainted data. The user can still untaint data incorrectly, and SQL injection attacks can still happen.
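The point made in the comment above, as an added example that is not part of the original post or comment: DBI's `TaintIn` refuses a tainted string, but a catch-all untaint regex clears the taint flag without validating anything, and only an allow-list pattern or a placeholder keeps the input from altering the statement. It assumes DBI and DBD::SQLite are installed; the `users` table, its rows, the `lookup_interpolated` helper and the input line under `__DATA__` are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example. Assumes DBI and DBD::SQLite are installed; run as: perl -T taint_demo.pl
# The table, rows and input line below are constructed for illustration.
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, TaintIn => 1 });
$dbh->do('CREATE TABLE users (name TEXT, secret TEXT)');
$dbh->do(q{INSERT INTO users VALUES ('alice', 'a-secret')});
$dbh->do(q{INSERT INTO users VALUES ('bob', 'b-secret')});

# Anything read from a file handle is tainted under -T.
chomp(my $input = <DATA>);
printf "input tainted: %s\n", tainted($input) ? 'yes' : 'no';

# Run a query built by string interpolation and report what happened.
sub lookup_interpolated {
    my ($name) = @_;
    my $rows = eval {
        $dbh->selectall_arrayref("SELECT name FROM users WHERE name = '$name'");
    };
    return $rows ? scalar(@$rows) . ' row(s) returned'
                 : 'died: ' . (split /\n/, $@)[0];
}

# 1. Tainted value: with TaintIn set, DBI checks method arguments for taint.
print 'tainted, interpolated:      ', lookup_interpolated($input), "\n";

# 2. Careless untaint: a capture group always yields untainted data, even
#    when the pattern accepts everything. The quote characters survive.
my ($weak) = $input =~ /\A(.*)\z/s;
print 'weak untaint, interpolated: ', lookup_interpolated($weak), "\n";

# 3. Allow-list untaint: only the characters a user name may contain.
my ($strict) = $input =~ /\A([A-Za-z0-9_]{1,32})\z/;
print 'strict untaint:             ',
    defined $strict ? "accepted '$strict'" : 'input rejected', "\n";

# 4. Placeholder: the value is bound as data, so even the weakly
#    untainted string cannot change the statement's structure.
my $bound = $dbh->selectall_arrayref(
    'SELECT name FROM users WHERE name = ?', undef, $weak);
print 'weak untaint, placeholder:  ', scalar(@$bound), " row(s) returned\n";

__DATA__
x' OR '1'='1
```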

