tainted values
.cindex "tainted data" "de-tainting"
come down to using the tainted value as a lookup key in a trusted database.
-This database could be the filestem structure,
+This database could be the filesystem structure,
or the password file,
or accessed via a DBMS.
Specific methods are indexed under &"de-tainting"&.
.wen
-.vitem "&*${lookup{*&<&'key'&>&*}&~*&<&'search&~type'&>&*&~&&&
+.vitem "&*${lookup&~{*&<&'key'&>&*}&~*&<&'search&~type'&>&*&~&&&
{*&<&'file'&>&*}&~{*&<&'string1'&>&*}&~{*&<&'string2'&>&*}}*&" &&&
"&*${lookup&~*&<&'search&~type'&>&*&~{*&<&'query'&>&*}&~&&&
{*&<&'string1'&>&*}&~{*&<&'string2'&>&*}}*&"
.cindex "tainted data"
If the origin of the data is an incoming message,
the result of expanding this variable is tainted.
-When un untainted version is needed, one should be obtained from
+When in untainted version is needed, one should be obtained from
looking up the value in a local (therefore trusted) database.
Often &$domain_data$& is usable in this role.