Late last year I started a discussion on this list with a proposal
to add Perl/Ruby-like taint support to PHP - a feature that a
developer may turn on to find out where to insert explicit cleaning
operations to avoid code injection etc. vulnerabilities. With
applications that are explicitly written to be taint ware, taint
support may also help at run-time as an additional safety net.
In the unavoidable trade-off between performance and developer
impact, this approach minimizes the performance hit; the developer
provides the explicit cleaning operations. Other taint-for-PHP
approaches make a different trade-off; they typically avoid developer
impact altogether, but come at the cost of a larger performance hit.
After a bunch of other work that needed to be done I've resumed
work on PHP and I'm currently working on a rough prototype that
supports taint in the core and in a bunch of standard built-ins.
Overhead is minimal because it's just setting and testing a few
normally unused bits in the zval structure. I expect to get some
actual performance data once the implementation is complete enough,
and to have a first implementation out the door sometime in September.
Wietse
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
