X-Git-Url: http://git.shadowcat.co.uk/gitweb/gitweb.cgi?a=blobdiff_plain;f=pod%2Fperlsec.pod;h=0068d7cad5e95f7894dad0c5c12dedb0f45714a0;hb=b3631f69ca17c134df671ddcddb78a6862b927cd;hp=dd237a08f02f3cb7a674a6686d1468456e0bf979;hpb=6a268663dbef8fda276c2b7ace6743802fd550ca;p=p5sagit%2Fp5-mst-13.2.git diff --git a/pod/perlsec.pod b/pod/perlsec.pod index dd237a0..0068d7c 100644 --- a/pod/perlsec.pod +++ b/pod/perlsec.pod @@ -63,6 +63,10 @@ you carefully limit what these symbolic values are, people are able to call functions B your Perl code, such as POSIX::system, in which case they are able to run arbitrary external code. +=item * + +Hash keys are B tainted. + =back For efficiency reasons, Perl takes a conservative view of @@ -72,7 +76,7 @@ of the subexpression is not itself affected by the tainted data. Because taintedness is associated with each scalar value, some elements of an array or hash can be tainted and others not. -The keys of a hash are never tainted. +The keys of a hash are B tainted. For example: @@ -476,9 +480,9 @@ Algorithm::FastPermute), or for any cryptographic applications. =item * -Regular expressions - Perl's regular expression engine is so called -NFA (Non-Finite Automaton), which among other things means that it can -rather easily consume large amounts of both time and space if the +Regular expressions - Perl's regular expression engine is so called NFA +(Non-deterministic Finite Automaton), which among other things means that +it can rather easily consume large amounts of both time and space if the regular expression may match in several ways. Careful crafting of the regular expressions can help but quite often there really isn't much one can do (the book "Mastering Regular Expressions" is required @@ -497,7 +501,7 @@ its input data, so it cannot be similarly fooled. =back See L for more information, -and any computer science text book on the algorithmic complexity. +and any computer science textbook on the algorithmic complexity. =head1 SEE ALSO
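Review bot: In the first hunk (@@ -63,6 +63,10), the new list item "Hash keys are B tainted." states the rule without its consequence, and the same fact is stated again a few lines later in the sentence the next hunk touches. Suggest keeping one authoritative statement and having the other point to it, and adding a sentence to the item on what this means for taint tracking: external input that is stored as a hash key and read back with keys or each no longer carries a taint mark, so code relying on taint mode has to validate such values itself.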
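Review bot: In the second hunk (@@ -72,7 +76,7), the replacement line reads "The keys of a hash are B tainted." where the removed line read "The keys of a hash are never tainted."; as shown, the word "never" is gone and only the bare emphasis marker remains. Please confirm that the POD source carries the complete B<...> construct around "never" in both this line and the new list item in the first hunk, since losing that word inverts the meaning of a security-relevant statement.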
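Review bot: In the third hunk (@@ -476,9 +480,9), the corrected expansion is right but the added text still reads "is so called NFA (Non-deterministic Finite Automaton)", which lacks an article and a hyphen. Suggest "is a so-called NFA (Nondeterministic Finite Automaton)". The paragraph would also benefit from naming the failure mode it describes, that a pattern which can match in several ways may take excessive time and space on crafted input, so readers can connect it to the algorithmic complexity attacks this section covers.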
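Review bot: In the last hunk (@@ -497,7 +501,7), the added line fixes "text book" but keeps the stray article in "on the algorithmic complexity"; suggest "and any computer science textbook on algorithmic complexity." The unchanged line just above it shows "See L for more information" with no link target in this rendering, so it is worth checking that the L<...> reference is intact in the source while this paragraph is being edited.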