> Also I don't know how GRASP works, but it's very difficult (if not
> impossible) to provide good analysis..

The difference between GRASP and PHP Taint Mode is that GRASP tracks taintedness on a byte level (it really tracks that e.g. byte 4, 7 and 8-20 of a variable are tainted and the others not) and Venema's implementation only tracks on a per variable level. It is therefore obvious that the GRASP way cannot be made fast and that Venema's implementation will always be faster.

The other difference is that Venema's implementation assumes that functions exist that make a variable safe for usage in SQL, HTML, ... When such a function is used the variable is marked as not tainted... In the previous mail I showed examples why this is not secure.

GRASP on the other hand hooks the SQL/output functions and parses the SQL query/output and catches tainted bytes in places where they could be dangerous. The only problems here are how slow this is and that the parsers need to be compatible.

Stefan Esser

--
PHP Internals - PHP Runtime Development Mailing List
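The two models contrasted in this message, as an added example that is not part of the original mail and is not GRASP or PHP code: a toy Python model that carries both a per-variable flag (cleared by an escaping function) and a per-character taint mask checked by a sink-side scanner. All names, the minimal SQL scanner and the sample queries are assumptions made for illustration.

```python
# Added illustration: every name here is hypothetical, not a GRASP or PHP API.
class Tainted:
    """String with a per-character taint mask plus one per-variable flag."""
    def __init__(self, text, mask=None, flag=False):
        self.text, self.flag = text, flag
        self.mask = list(mask) if mask is not None else [False] * len(text)

    def __add__(self, other):
        o = other if isinstance(other, Tainted) else Tainted(other)
        return Tainted(self.text + o.text, self.mask + o.mask, self.flag or o.flag)

    def __radd__(self, other):  # plain str + Tainted
        return Tainted(other) + self

def user_input(text):
    return Tainted(text, [True] * len(text), flag=True)

def escape(v):
    """Backslash-escape quotes. Per-variable model: the flag is cleared.
    Per-byte model: the original characters stay tainted."""
    out = Tainted("")
    for ch, t in zip(v.text, v.mask):
        if ch in "'\\":
            out += Tainted("\\")      # escape byte added by the program
        out += Tainted(ch, [t])
    out.flag = False
    return out

def tainted_structure(q):
    """Indexes of tainted characters that sit in SQL syntax positions."""
    bad, in_literal, i = [], False, 0
    while i < len(q.text):
        ch, t = q.text[i], q.mask[i]
        if in_literal and ch == "\\":
            if t:
                bad.append(i)         # tainted escape character
            i += 2                    # the escaped character stays in the literal
            continue
        if ch == "'":
            if t:
                bad.append(i)         # tainted quote would open/close a literal
            in_literal = not in_literal
        elif t and not in_literal and not ch.isdigit():
            bad.append(i)             # tainted non-numeric text outside a literal
        i += 1
    return bad

# Constructed sample inputs.
PREFIX = "SELECT * FROM t WHERE "
numeric = PREFIX + "id=" + escape(user_input("0 OR 1=1"))
quoted = PREFIX + "name='" + escape(user_input("O'Brien")) + "'"
raw = PREFIX + "name='" + user_input("O'Brien") + "'"
```

For `numeric` the per-variable flag is clear even though tainted characters land outside any literal, which only the per-character scan reports; `quoted` passes both checks and `raw` fails both.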