Security aware programming(7)

• Untainting: referencing subpatterns in regexps

• if ($v =~ /^([a-z]+)$/) {

• $v = $1; # $v is untainted now

• } else {

• # log the attempt and STOP

• }

• Challenge: choosing the right subpattern(s)