Hello,
On 12/20/06, Alain Williams <[EMAIL PROTECTED]> wrote:
On Tue, Dec 19, 2006 at 01:21:59PM -0800, Stanislav Malyshev wrote:
> >Wrong again, different contexts have different validation criteria,
> >unless you consider that tainting in PHP won't work. What's safe to print
> >on screen may not be safe to execute or pass to the database etc...
>
> I do not think the purpose of tainting is or should be to take this kind
> of decisions. The purpose of tainting is to force you - as application
> developer (as much as it is possible without actually looking over your
> shoulder and grabbing your hands :) to take this decision and not just
> forget about it. Many bugs are there not because somebody uses an input
> sanitized for exec as database query - people usually don't do that
> (though I can not say there's no app doing it - but I can certainly say
> it's not a routine way of action). However people routinely forget to
> take action on the input altogether - either because they delay it "for
> later" and then forget or because they are unfamiliar with the necessity
> of filtering and potential danger of passing the data. While there's no
> way to stop the user who purposefully wants to pass user-supplied data
> to dangerous function without filtering, there's certainly a way to warn
> a user that does it by mistake. That's the target.
Very well put/explained.
If it were only about input filtering, you can (and should) use
ext/filter (filter.default=string with default flags strip low/high).
More generally, since I started using ext/filter in my projects, I no
longer use the auto globals (GPCCES) but only the filter functions. I
would love to simply drop them; they were nice and handy years ago, but
it was a mistake to introduce them.
It is something I always wanted to do and is close to what we have in
all other languages (perl cgi, python cgi, etc.). It is safe, as you
_have_ to think about the filter to use instead of blindly doing
somecratythings($_GET['foo']);
Now, about taint mode, is it possible to leave the input filtering aside
for a second and explain to me what else you would like to do? How do you
plan to manage the contexts? Do you want this horrible mode 3? Or will you
argue about input filtering, sorry, taint mode, until next year? :)
--Pierre
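An added example, not code from this thread, of the habit Pierre describes: every request parameter goes through ext/filter with an explicit filter, so a failed check is a visible result (false) rather than a raw string silently reaching a sink. The $request array is constructed for the example; on a live request the same $definition would be passed to filter_input_array(INPUT_GET, $definition).

```php
<?php
// Added example (not from the thread): read request parameters through
// ext/filter with one explicit filter per parameter instead of $_GET.

$definition = [
    // must parse as an integer >= 1; anything else comes back as false
    'id'    => ['filter'  => FILTER_VALIDATE_INT,
                'options' => ['min_range' => 1]],
    // syntactically valid e-mail address, or false
    'email' => FILTER_VALIDATE_EMAIL,
    // free text: keep the bytes but drop control (<32) and 8-bit (>127)
    // characters, the same effect as filter.default_flags=strip_low,strip_high
    'name'  => ['filter' => FILTER_UNSAFE_RAW,
                'flags'  => FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH],
];

// Constructed sample input standing in for a query string.
$request = [
    'id'    => '42',
    'email' => 'not-an-email',
    'name'  => "Bob\x00\xff",
];

// Returns one entry per key in $definition: the validated/converted value,
// false when a FILTER_VALIDATE_* check fails, null when the key is absent.
$in = filter_var_array($request, $definition);

foreach ($in as $key => $value) {
    if ($value === false) {
        // A failed validation is an explicit outcome the code has to handle,
        // which is the "force the developer to decide" point of the thread.
        echo "rejected parameter: $key\n";
    }
}

// A filtered value is still only filtered, not safe for every context;
// the escaping is chosen per sink when the value is used.
if ($in['name'] !== null) {
    echo 'Hello, ' . htmlspecialchars($in['name'], ENT_QUOTES, 'UTF-8') . "\n";
}
```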
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php