On 15-Dec-06, at 6:11 PM, Stanislav Malyshev wrote:
All it means is extra work for developers with little or no
tangible benefits. I also wonder how taint will work with the
standard remove/add
Security is benefit. Of course, the developers that are sure they
write secure code anyway need not be bothered by tainting and can
leave it off forever.
So you claim that without taint mode it is not possible to write safe
PHP code?
The job of a language is to provide tools, not arbitrary crippling
limitation under the guise of security improvement.
I agree. Tainting is one of such tools, aimed at improving security.
Tainting is a false security it makes you feel secure, when you
aren't. First its off in production and that's where all the hacks
appear, it will have holes due to unforeseen function usage, dynamic
variables, false untainting etc...
safe_mode sounded like a really reasonable idea too, I would've
hoped some lessons from past mistakes could be made.
I do not see what exactly you propose to learn from safe mode
mistakes - that we should never try to improve PHP security by
providing language level tools? I do not see how this can be
derived from whatever was wrong with safe mode. It may be that the
tainting would not catch but I do not think safe mode problems
should prevent us from even trying.
Good luck, I suppose on a base level it is entertaining seeing
someone bang their head against the wall time and time again.
Ilia Alshanetsky
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
