On 18.11.2007, at 22:56, Stefan Esser wrote:

> This is different from the implicit untainting through htmlentities()
> and mysql_real_escape_string() because there
> are obviously cases where these functions are the WRONG functions and
> the developer will never realise this
> because he was not taught to untaint() himself only when he is sure...

Ok, I guess this is a fundamental difference that we should probably take note of before we make any decision. Should it be a tool that one can just enable when one cares or should we require that developers actually code towards the taint model?

I personally think that library developers could be expected to actually make explicit untaint() calls and bytecode caches could be made smart enough to strip these out for the people that do not care about the added security (which one might not need in production).

However for the final glue that needs to be written to put all the libraries to work, I think it's fairly unrealistic. Then again maybe the people that do care enough (because they are working for a bank) would still have the necessary time to add all the relevant untaint() calls. The rest would probably appreciate a tool that helps them get closer to that magical 100% secure mark.

regards,
Lukas
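The two policies argued over in the thread, as an added example that is not part of the original messages or of Stefan Esser's taint patch. PHP has no built-in taint mode, so the `Tainted` class, `untaint()`, `untaint_int()` and the escape wrapper below are assumptions that model the behaviour in userland (PHP 8.1+): request parameters start tainted, an escaping function untaints implicitly regardless of context, and an explicit untaint is only granted after a context-specific check. The integer-id sink shows why the implicit route can pick the wrong function, since string escaping does nothing for an unquoted numeric comparison.

```php
<?php
declare(strict_types=1);

// Added example, not code from the php-internals thread. The taint model here
// is a userland assumption standing in for the proposed engine-level patch.

final class Tainted
{
    public function __construct(public readonly string $value) {}

    // Interpolating a tainted value directly into a string fails loudly.
    public function __toString(): string
    {
        throw new LogicException('tainted value reached a string sink');
    }
}

/** Source: every request parameter starts out tainted. */
function request_param(array $request, string $name): Tainted
{
    return new Tainted((string) ($request[$name] ?? ''));
}

/** Explicit policy: the developer untaints only after checking the value for its context. */
function untaint(Tainted $t): string
{
    return $t->value;
}

/** Implicit policy: an escaping function untaints as a side effect, whatever the context. */
function sql_escape_implicit(Tainted $t): string
{
    // addslashes() stands in for mysql_real_escape_string(), which needs a connection.
    return addslashes($t->value);
}

/** Sink: an integer column compared without quotes, so string escaping is the wrong tool. */
function query_user_by_id(string $id): string
{
    return "SELECT name FROM users WHERE id = $id";
}

/** Context-aware explicit untaint: only a string of digits may become an integer id. */
function untaint_int(Tainted $t): string
{
    if (!ctype_digit($t->value)) {
        throw new InvalidArgumentException("not an integer id: {$t->value}");
    }
    return untaint($t);
}

// Constructed request data: one well-formed id and one that is not an integer.
$good = ['id' => '42'];
$bad  = ['id' => '42abc'];

// Implicit untainting: addslashes() leaves the bad value untouched, and it reaches the sink.
echo query_user_by_id(sql_escape_implicit(request_param($bad, 'id'))), "\n";

// Explicit untainting: the good value passes, the bad one is rejected before the sink.
echo query_user_by_id(untaint_int(request_param($good, 'id'))), "\n";
try {
    query_user_by_id(untaint_int(request_param($bad, 'id')));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Handing a still-tainted value to a string sink is caught by the model itself:
// strict_types refuses the object, and interpolation would hit __toString().
try {
    query_user_by_id(request_param($bad, 'id'));
} catch (TypeError $e) {
    echo "rejected by type: tainted value passed to a string sink\n";
}
```

In the explicit model, stripping the `untaint()` and `untaint_int()` calls for deployments that do not want taint tracking amounts to replacing `Tainted` with a plain string, which is the optimisation the message attributes to a bytecode cache; the validation inside `untaint_int()` is what such a stripping pass must keep.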

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
