Regen perltoc.

[p5sagit/p5-mst-13.2.git] / pod / perlsec.pod

diff --git a/pod/perlsec.pod b/pod/perlsec.pod
index 53192cb..d5effd9 100644 (file)
--- a/pod/perlsec.pod
+++ b/pod/perlsec.pod
@@ -54,6 +54,23 @@ mechanism.
 
 Arguments to C<print> and C<syswrite> are B<not> checked for taintedness.
 
+=item *
+
+Symbolic methods
+
+    $obj->$method(@args);
+
+and symbolic sub references
+
+    &{$foo}(@args);
+    $foo->(@args);
+
+are not checked for taintedness.  This requires extra carefulness
+unless you want external data to affect your control flow.  Unless
+you carefully limit what these symbolic values are, people are able
+to call functions B<outside> your Perl code, such as POSIX::system,
+in which case they are able to run arbitrary external code.
+
 =back
 
 The value of an expression containing tainted data will itself be
@@ -373,6 +390,13 @@ Your access to it does not give you permission to use it blah blah
 blah."  You should see a lawyer to be sure your licence's wording will
 stand up in court.
 
+=head2 Unicode
+
+Unicode is a new and complex technology and one may easily overlook
+certain security pitfalls.  See L<perluniintro> for an overview and
+L<perlunicode> for details, and L<perlunicode/"Security Implications
+of Unicode"> for security implications in particular.
+
 =head1 SEE ALSO
 
 L<perlrun> for its description of cleaning up environment variables.