Newsgroups: php.internals
Date: Wed, 02 Feb 2005 14:07:55 -0800
To: Marcus Boerger
CC: Derick Rethans, Ilia Alshanetsky, internals@lists.php.net
Message-ID: <42014F3B.5040607@lerdorf.com>
In-Reply-To: <12510140304.20050202223853@marcus-boerger.de>
Subject: Re: [PHP-DEV] PHP 5.1
From: rasmus@lerdorf.com (Rasmus Lerdorf)

Marcus Boerger wrote:
>> Well, people turn on safe mode just because the name implies that things
>> are safe too - which is wrong. I agree with Ilia, we should not mangle
>> request data by default. It's fine to provide filter functions but the
>> normal post/get/cookie data should be normally available through GET and
>> POST - this is starting to look like another magic_quotes. A bad thing!
>
> Besides that turning on by default could turn out to become a major BC.

I have never suggested it should be on by default. I specifically stated that it shouldn't be on by default. And of course it could break certain applications if you turn it on.

When you look at web apps out there you see elaborate schemes to filter input data that are often wrong. And even if they are right, they forgot to filter the state drop-down select list, for example. I mean they only provided a bunch of 2-letter state abbreviations for the user to choose between so they don't think to filter that particular field. You'd be amazed how many places you can spoof a form and send state=CA back to it.

We need a way to apply a default security policy for all input data which can then be loosened for specific fields, like the text area field of a forum application.

Think of it in firewall terms. A decent firewall starts with everything blocked and then you poke a few holes in it where you need them. A firewall which has everything open by default and you have to specifically block individual ports you think may be evil yourself is never going to be anywhere near as effective. TCP/IP Firewalls break all sorts of applications as well until either the application is modified to poke a hole in the firewall itself via upnp, or you reconfigure the firewall. This makes firewalls annoying, but they are necessary.

This is exactly the same thing. It is a data firewall for PHP. You don't have to use it, but people want it and need it.

-Rasmus
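The "data firewall" Rasmus describes (a strict default policy over every request field, with holes poked for named fields such as the state select or a forum textarea) can be sketched as a small userland filter. The code below is an added illustration for this thread; it is neither Rasmus's proposal nor PHP's own filter extension. It assumes PHP 7.4 or later, and the class name `InputFirewall`, the rule callables, the state list and the sample request are all constructed for the example.

```php
<?php
// Added example: a default-deny input filter in the spirit of the "data firewall"
// discussed above. Not part of the thread and not PHP's filter extension.
declare(strict_types=1);

final class InputFirewall
{
    /** @var array<string, callable> per-field exceptions to the default policy */
    private array $rules = [];

    /**
     * Default policy applied to every field that has no explicit rule:
     * a short run of letters, digits, space, dot, underscore or dash.
     * Returns the value unchanged if it passes, null if it is rejected.
     */
    public static function defaultRule(string $value): ?string
    {
        return preg_match('/\A[A-Za-z0-9 ._-]{0,64}\z/', $value) === 1 ? $value : null;
    }

    /** "Poke a hole": register a looser or different rule for one named field. */
    public function allow(string $field, callable $rule): self
    {
        $this->rules[$field] = $rule;
        return $this;
    }

    /**
     * Filter a request array. Returns [$clean, $rejected]. Fields that fail
     * their rule are dropped from $clean and recorded in $rejected with a
     * reason, so the application never sees the unfiltered value.
     */
    public function filter(array $input): array
    {
        $clean = [];
        $rejected = [];
        foreach ($input as $field => $value) {
            // Nested arrays and non-strings are refused unless a rule opts them in.
            if (!is_string($value)) {
                $rejected[$field] = 'non-scalar';
                continue;
            }
            $rule = $this->rules[$field] ?? [self::class, 'defaultRule'];
            $result = $rule($value);
            if ($result === null) {
                $rejected[$field] = 'policy';
            } else {
                $clean[$field] = $result;
            }
        }
        return [$clean, $rejected];
    }
}

// Hole for the state drop-down: the value must be one of the options the form
// actually offered. (Abbreviated, constructed list.)
$states = ['CA', 'NY', 'TX', 'WA'];
$stateRule = fn(string $v): ?string => in_array($v, $states, true) ? $v : null;

// Hole for a forum textarea: accept free text up to a size limit, escaped for HTML output.
$bodyRule = fn(string $v): ?string => strlen($v) <= 10000
    ? htmlspecialchars($v, ENT_QUOTES | ENT_HTML5, 'UTF-8')
    : null;

$firewall = (new InputFirewall())
    ->allow('state', $stateRule)
    ->allow('body', $bodyRule);

// Constructed request: a spoofed select value and a field the app never expected.
$request = [
    'username' => 'rasmus',
    'state'    => 'XX',              // not an offered option -> rejected by the state rule
    'body'     => 'Hello <b>world</b>',
    'zip'      => '94105',
    'debug'    => '../../etc',       // '/' is outside the default policy -> rejected
];

[$clean, $rejected] = $firewall->filter($request);
var_export($clean);     // username, escaped body, zip
var_export($rejected);  // state => 'policy', debug => 'policy'
```

Run with `php firewall.php`. Two design points follow the firewall analogy: a field with no registered rule gets the strict default rather than passing through untouched, and a rejected field is removed rather than "cleaned", so the page that forgot about the state select never receives an unexpected value for it.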