Taint safety problem in Net::OpenID::Consumer 0.11

Brad Fitzpatrick brad at danga.com
Tue Jun 28 23:41:32 PDT 2005

On Tue, 28 Jun 2005, Rob Lanphier wrote:

> Hi folks,
> Unless I'm doing something very boneheaded (quite possible, my Perl
> skills are quite rusty), it doesn't appear that Net::OpenID::Consumer
> (v0.11) is taint safe.

I never use taint mode, so I'm not surprised.

But I'll gladly take patches to make it taint safe!

> The reason why I bring this up is that I'm taking a stab at adding
> Bugzilla/OpenID consumer support, and I've made some reasonable
> progress.

Nice!  Can't wait to upgrade our BZ install using it!

> BZ ships with taint checking turned on.

Guess I'd better read perlsec one day.

- Brad

More information about the yadis mailing list