Taint safety problem in Net::OpenID::Consumer 0.11
Brad Fitzpatrick
brad at danga.com
Tue Jun 28 23:41:32 PDT 2005
On Tue, 28 Jun 2005, Rob Lanphier wrote:
> Hi folks,
>
> Unless I'm doing something very boneheaded (quite possible, my Perl
> skills are quite rusty), it doesn't appear that Net::OpenID::Consumer
> (v0.11) is taint safe.
I never use taint mode, so I'm not surprised.
But I'll gladly take patches to make it taint safe!
> The reason why I bring this up is that I'm taking a stab at adding
> Bugzilla/OpenID consumer support, and I've made some reasonable
> progress.
Nice! Can't wait to upgrade our BZ install using it!
> BZ ships with taint checking turned on.
Guess I'd better read perlsec one day.
- Brad
More information about the yadis
mailing list