"Do, or do not. There is no try.". Or, in contemporary words: do
things 100% properly, but if that is not possible, take a step back
and spare the world some half arsed attempt.
It sounds nice, but from the practical point of view you can't make
sure code is 100% tested and 100% secure. There always will be
combinations of data, algorithm and state of the environment that
you didn't think of and didn't test for. By your logic, thus all
security solutions and all testing are useless. Obviously it is not
so, and the reason for that is that every tol that allows us to
cover more security "territory" and test for more problems is
useful, even if it doesn't make your application never fail.
I didn't mean that any kind of testing is useless :)
The thing is, however, that a taint mode feature could not possibly
cover all potential security issues, and would therefor give those
users that do not have the slightest clue about security anyway a
false feeling of safety. We've had that before with magic quotes and
the like and it didn't work. Just look at the discussions here. If my
neighbor's squirrel farts in the wrong direction, and I ate cornflakes
less than an hour ago, there's a 23 percent chance that the untainting
done by htmlentities() won't be enough. That is just not going to cut
it.
An untaint() approach - all for it (yes, the noobs that don't give a
damn are going to use it because "it just works", but no, that
shouldn't bother us, at least they have been warned). But some
implicit guessing magic that, once again, means people are gonna
switch their brains off - please not.
- David
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
