Ilia Alshanetsky:
>
> On 15-Dec-06, at 4:16 PM, Stanislav Malyshev wrote:
>
> >> Sounds awefuly like yet another safe_mode, something that
> >> proclaims security, yet being unable to provide it.
> >
> > Repeating my comments on that, I think that it can be done not like
> > safe_mode, if we take different approach. Namely, not "mark unsafe,
> > accept otherwise" but "mark safe, deny otherwise".
>
> Ok this is better, but it will break every single application out
> there. I for one think that this is unacceptable.
Remember, taint checks are turned off off by default. Nothing
breaks.
As for precision, we can have a fail-close system with the default
"no function/primitive accepts tainted data" policy.
Over time we can "open up" functions/primitives, once the framework
is in place. After that, taint support can be extended inrementally.
Even if some taint check is to restrictive at some point in time,
the programmer can always overcome it with an explicit action.
Wietse
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
