Ilia Alshanetsky wrote:
> Wrong again, different contexts have different validation criteria,
> unless you consider that tainting in PHP won't work. What's safe to print
> on screen may not be safe to execute or pass to the database etc...
Ilia is right here, this is the key concern with this proposal for me at
least. Every PHP app beyond hello world will likely work in at least 2
different contexts, as such I think a black and white approach is not a
useful intermediate step for this.
>> As long as we don't overreach (try to stop every problem) and
>> oversell (promise it will stop every problem) then we should be
>> fine, if 17 years of past experience can be applied to PHP.
> If you base everything on experience there is no need to use PHP period.
> Stick to predictable C, Fortran, etc...
> Just because a person is a great train engineer does not make him a
> great car mechanic.
I am not following you here Ilia. Your comparison does not make sense to
me at least. The goal must be to create a tool that makes it easier
to write more secure code. No more, no less. It is something you will
run in development in order to pick up a subset of security issues. It
will of course fail if there are security measures which turn out to be
insufficient. So no, it will not magically make your security filtering
regexp more secure, but it will catch the cases where you missed
security checking entirely.
Again, handling different contexts seems critical to me. So if we have
that, then it will also help in finding the slightly trickier
issue of where a variable has been filtered/sanitized but for the wrong
context. However if we do have context sensitive taint, it seems like it
will increase the development/maintenance scope even more. And it will
also have a bigger performance overhead.
As such I am beginning to realize that at least from my current
understanding the Ruby taint model is simply insufficient. While it has
different taint levels, they are not concerned with the context, but
only with the scope of the limits applied. I do not know how things are
in Perl's taint model. Does anyone have context sensitive tainting
implemented yet?
regards,
Lukas
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
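The distinction the thread keeps returning to (a value that was never filtered versus one that was filtered for the wrong context, and why a single taint bit cannot tell them apart) is easier to see in code. The following is an added example, not PHP and not code from the proposal or from Ruby or Perl: a small Python model in which an untrusted value carries the set of contexts it has been sanitized for, each sanitizer vouches for exactly one context, and each sink names the context it requires. The context names, the `Tainted` wrapper, the sanitizers, the sinks and the request string are all constructed for this illustration; the `single_level_untaint` function models the one-bit approach, where any sanitizer clears the taint, to show the case it lets through.

```python
"""Context-sensitive taint tracking, modelled in Python (constructed example)."""
from dataclasses import dataclass, field

# Contexts a value can be made safe for. Assumed names, not from the thread.
HTML, SQL, SHELL = "html", "sql", "shell"


class TaintError(Exception):
    """Raised when a sink receives data not sanitized for the sink's context."""


@dataclass(frozen=True)
class Tainted:
    """A string from an untrusted source plus the contexts it is safe for."""
    value: str
    safe_for: frozenset = field(default_factory=frozenset)

    def sanitized(self, context: str, new_value: str) -> "Tainted":
        # A sanitizer only adds the one context it actually handled.
        return Tainted(new_value, self.safe_for | {context})


def from_request(raw: str) -> Tainted:
    """Anything coming from the request starts out safe for nothing."""
    return Tainted(raw)


# --- sanitizers: each vouches for a single context ---------------------
def html_escape(t: Tainted) -> Tainted:
    esc = (t.value.replace("&", "&amp;").replace("<", "&lt;")
           .replace(">", "&gt;").replace('"', "&quot;"))
    return t.sanitized(HTML, esc)


def sql_quote(t: Tainted) -> Tainted:
    # Toy quoting for the model only; real code uses parameterized queries.
    return t.sanitized(SQL, "'" + t.value.replace("'", "''") + "'")


def single_level_untaint(t: Tainted) -> Tainted:
    """Model of a one-bit taint flag: clearing it makes the value 'safe'
    for every sink, regardless of which sanitizer actually ran."""
    return Tainted(t.value, frozenset({HTML, SQL, SHELL}))


# --- sinks: each declares the context it needs -------------------------
def require(t: Tainted, context: str) -> str:
    if context not in t.safe_for:
        raise TaintError(
            f"{t.value!r} reached a {context} sink but is only safe for "
            f"{sorted(t.safe_for) or 'nothing'}")
    return t.value


def echo_html(t: Tainted) -> str:
    return "<p>" + require(t, HTML) + "</p>"


def db_query(t: Tainted) -> str:
    return "SELECT * FROM users WHERE name = " + require(t, SQL)


def run_checks() -> dict:
    """Exercise the four cases discussed in the thread and report each."""
    user = from_request("O'Brien <b>")  # constructed request input
    results = {}

    # 1. Security checking missed entirely: caught by any taint model.
    try:
        echo_html(user)
        results["unfiltered"] = "passed"
    except TaintError:
        results["unfiltered"] = "caught"

    # 2. Filtered, but for the wrong context: HTML-escaped, then used in SQL.
    try:
        db_query(html_escape(user))
        results["wrong_context"] = "passed"
    except TaintError:
        results["wrong_context"] = "caught"

    # 3. Same mistake under a single-level model: the bit is clear, so it passes.
    try:
        db_query(single_level_untaint(html_escape(user)))
        results["single_level"] = "passed"
    except TaintError:
        results["single_level"] = "caught"

    # 4. Filtered for the right context: allowed through unchanged.
    results["html_ok"] = echo_html(html_escape(user))
    results["sql_ok"] = db_query(sql_quote(user))
    return results


if __name__ == "__main__":
    for case, outcome in run_checks().items():
        print(f"{case:14} {outcome}")
```

Cases 1 and 2 are the two bugs the message distinguishes; a per-context set catches both, while the one-bit model in case 3 accepts the HTML-escaped value at the SQL sink, which is the gap the message describes in the Ruby model. The cost is visible too: every sanitizer and every sink must be annotated with a context, which is the extra development and maintenance scope mentioned above.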