hi list, i'm working as a penetration tester and php developer for various german webhosting companies. i just wanted to ask - what happened to the great idea of tainted-flags in a development-mode php interpreter, after 2008?
as far as i can see, there are two implementations: http://wiki.php.net/rfc/taint and coregrasp i nearly read all the discussions, but i haven't been able to find a clear decision. -- dan
