Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:33247
Return-Path: <nlopess@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 72130 invoked by uid 1010); 18 Nov 2007 11:52:00 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 72115 invoked from network); 18 Nov 2007 11:52:00 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 18 Nov 2007 11:52:00 -0000
Authentication-Results: pb1.pair.com header.from=nlopess@php.net; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=nlopess@php.net; spf=unknown; sender-id=unknown
Received-SPF: unknown (pb1.pair.com: domain php.net does not designate 212.55.154.23 as permitted sender)
X-PHP-List-Original-Sender: nlopess@php.net
X-Host-Fingerprint: 212.55.154.23 relay3.ptmail.sapo.pt Linux 2.4/2.6
Received: from [212.55.154.23] ([212.55.154.23:34635] helo=sapo.pt)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 0A/B0-00464-E5720474 for <internals@lists.php.net>; Sun, 18 Nov 2007 06:52:00 -0500
Received: (qmail 20143 invoked from network); 18 Nov 2007 11:51:55 -0000
Received: from unknown (HELO sapo.pt) (10.134.35.207)
  by relay3 with SMTP; 18 Nov 2007 11:51:55 -0000
Received: (qmail 26499 invoked from network); 18 Nov 2007 11:51:56 -0000
X-AntiVirus: PTMail-AV 0.3-0.91.1
X-Virus-Status: Clean (0.00663 seconds)
Received: from unknown (HELO pc07653) (nunoplopes@sapo.pt@[82.155.74.200])
          (envelope-sender <nlopess@php.net>)
          by mta12 (qmail-ldap-1.03) with SMTP
          for <stefan.esser@sektioneins.de>; 18 Nov 2007 11:51:56 -0000
Message-ID: <006101c829d9$5e2f0140$4101a8c0@pc07653>
To: "Stefan Esser" <stefan.esser@sektioneins.de>,
	"PHP internals" <internals@lists.php.net>
References: <47401946.2050406@sektioneins.de>
Date: Sun, 18 Nov 2007 11:51:33 -0000
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="ISO-8859-15";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Subject: Re: [PHP-DEV] Tainted Mode Decision
From: nlopess@php.net ("Nuno Lopes")

> I just wanted to ask if there was ever a decision made that said tainted
> mode will go into PHP mainstream.

no, there was no decision yet.


> It is no secret that I don't like the idea of a taint mode in PHP
> because it cannot be made secure and fast at the same time.

/me too. Although I can't argue about those two implementations because I 
haven't looked at them yet, I think we shouldn't include neither of them in 
the core. At most we could introduce some hooks in the engine to allow these 
kind of extensions to be self-contained and distributed by 3rd parties 
without much trouble.
Also I don't know how GRASP works, but it's very difficult (if not 
impossible) to provide good analysis..

Nuno