The other difference is that Venema's implementation assumes that
functions exist that make a variable safe for usage in SQL, HTML, ...
When such a function is used the variable is marked as not tainted... In
the previous mail I showed examples why this is not secure.
GRASP on the other hand hooks the SQL/output functions and parses the
SQL query/output and catches tainted bytes in places where they could be
dangerous.
The only problems here are how slow this is and that the parsers need to
be compatible.
BTW, have you already been able to found real-world exploitable bugs with
GRASP?
Nuno
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
