Is it recommended developing Plack applications (middlewares) with perl's taint mode?
If yes, how to start plackup and/or Starman in tainted mode? In the simple CGI script that was easily done with the shebang line.
Will perl -T /path/to/{plackup|starman} do the job? Or here is any recommended way? Or it is not recommended?
Any ideas, pointers, articles about the combination Plack+Taint mode?
We usually don't recommend people to develop Plack applications under the taint mode, simply because I personally don't believe in the usefulness of the taint mode.
Plack's core utilities such as plackup and Plack::Utli particularly don't play well with the taint mode because it needs to compile the given .psgi file as a source code. If you really want to develop your application under the taint mode, you have to bypass the plackup and use Plack::Handler or Plack::Loader.
it is simple to workaround the plackup util, i can give you a example for fastcgi but it should be posible to do the same with starman forgett about the the .psgi file and use a plain startup script:
my $app = sub {
my $env = shift;
#...
}
#read the pid file, check for an old process, kill the old process...
#...
#choose a psgi Server impl.
#i prefere fcgi
my $manager = new FCGI::ProcManager::MaxRequests({
'max_requests'=>100,
'pid_fname'=>$pid_file,
'n_processes'=> 3,
'pm_title'=> $name
});
my $server = Plack::Handler::FCGI->new(
'listen'=>[$socket],
'detach' => 1,
'manager' => $manager
); #or use Plack::Loader to load a server
#run your application $server->run($app);
then start your startup.pl script with taintmode perl -T
