Jim Seymour wrote:
> Bill Moran <wmoran@potentialtech.com> wrote:
>
> [snip]
>
> I agree with Bill. Years ago (more years than I care to recall) I read
> a book on structured systems design (IIRC) that advised one should
> condition/convert data as early as possible in the process, throughout
> the design. Amongst the advantages cited for this tactic was that then
> you would know, everywhere else in the system, that you were dealing
> only with conditioned data. That practice, taken to heart relatively
> early in my career, has always stood me in good stead. Thus I
> recommend to others the same approach.
>
> In short: Any data coming from an untrusted source should always be
> de-fanged as early as possible.
>
Sounds like reading up on perl's Taint feature would be beneficial here
as well. They have the similar attitude that if it hasn't been
specifically de-loused, then it probably has lice.
