Newsgroups: php.internals
Xref: news.php.net php.internals:33346
Subject: Re: [PHP-DEV] Tainted Mode Decision
From: David Zülke <dz@bitxtender.com>
To: Stanislav Malyshev
Cc: PHP internals
Date: Tue, 20 Nov 2007 01:31:34 +0100
Message-ID: <127D6AD6-6CC9-4C19-B0D0-853676B4EABD@bitxtender.com>
In-Reply-To: <47421481.6050802@zend.com>
References: <47401946.2050406@sektioneins.de> <4740B136.2080207@hardened-php.net> <4217C4AB-1725-4D54-95D0-82262DB012BC@pooteeweet.org> <21E0FBBA-645D-4883-A9A9-7BCDC74D74A1@bitxtender.com> <47421481.6050802@zend.com>

>> "Do, or do not. There is no try." Or, in contemporary words: do
>> things 100% properly, but if that is not possible, take a step back
>> and spare the world some half-arsed attempt.
>
> It sounds nice, but from the practical point of view you can't make
> sure code is 100% tested and 100% secure. There always will be
> combinations of data, algorithm and state of the environment that
> you didn't think of and didn't test for. By your logic, thus all
> security solutions and all testing are useless. Obviously it is not
> so, and the reason for that is that every tool that allows us to
> cover more security "territory" and test for more problems is
> useful, even if it doesn't make your application never fail.

I didn't mean that any kind of testing is useless :)

The thing is, however, that a taint mode feature could not possibly cover all potential security issues, and would therefore give those users that do not have the slightest clue about security anyway a false feeling of safety. We've had that before with magic quotes and the like and it didn't work.

Just look at the discussions here. If my neighbor's squirrel farts in the wrong direction, and I ate cornflakes less than an hour ago, there's a 23 percent chance that the untainting done by htmlentities() won't be enough. That is just not going to cut it.

An untaint() approach - all for it (yes, the noobs that don't give a damn are going to use it because "it just works", but no, that shouldn't bother us, at least they have been warned). But some implicit guessing magic that, once again, means people are gonna switch their brains off - please not.

- David
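The two points the message argues, that htmlentities() is not a universal untainting step and that an explicit untaint() call which names its output context is the better shape, can be shown in plain userland PHP. The following is an added example written for this page; it is not code from the thread, from the taint-mode proposal, or from PHP itself. The `Tainted` wrapper, the three `untaint*()` functions and the sample `$next` value are all assumptions made for the illustration (the sample stands in for a request parameter). It targets PHP 7.4 or later.

```php
<?php
// Added example, not from the original thread: an explicit, context-named
// untaint() pattern in userland PHP, contrasted with "htmlentities() is enough".

final class Tainted
{
    private string $raw;

    private function __construct(string $raw)
    {
        $this->raw = $raw;
    }

    // Constructed stand-in for reading $_GET / $_POST; hypothetical helper.
    public static function fromRequest(string $raw): self
    {
        return new self($raw);
    }

    // Deliberately no __toString(): a Tainted value cannot be echoed or
    // concatenated by accident. It has to pass through an untaint function,
    // and each of those names the output context it is safe for.
    public function raw(): string
    {
        return $this->raw;
    }
}

// Context: HTML text node or a double-quoted attribute value.
function untaintHtml(Tainted $t): string
{
    return htmlspecialchars($t->raw(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Context: href/src attribute. Encoding alone does not help here: a
// "javascript:" URL contains nothing for htmlentities() to encode, so the
// untaint step has to be a scheme whitelist, then encoding for the attribute.
function untaintUrl(Tainted $t): string
{
    $url = trim($t->raw());
    // Browsers tolerate control characters inside a scheme; reject them outright.
    if (preg_match('/[\x00-\x1F]/', $url)) {
        return '#';
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme === false) {
        return '#';
    }
    // Relative URLs (no scheme) and http(s) are allowed; anything else is dropped.
    if ($scheme !== null && !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '#';
    }
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Context: a JavaScript string literal inside a <script> block.
// json_encode with the HEX flags encodes <, >, &, ' and " and escapes "/",
// so a "</script>" inside the value cannot terminate the block.
function untaintJs(Tainted $t): string
{
    $json = json_encode($t->raw(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return $json === false ? '""' : $json;
}

// Does htmlentities() change this value at all? For a javascript: URL it does not.
function htmlentitiesIsNoOp(Tainted $t): bool
{
    return htmlentities($t->raw(), ENT_QUOTES, 'UTF-8') === $t->raw();
}

// Constructed sample input standing in for a "next" redirect parameter.
$next = Tainted::fromRequest('javascript:alert(document.cookie)');

var_dump(htmlentitiesIsNoOp($next));
// bool(true): the "untainted" value is byte-for-byte the payload, and live as an href.

echo '<a href="' . untaintUrl($next) . '">next</a>', PHP_EOL;
// <a href="#">next</a>

echo '<p>' . untaintHtml($next) . '</p>', PHP_EOL;
// harmless as text: <p>javascript:alert(document.cookie)</p>

echo '<script>var next = ' . untaintJs($next) . ';</script>', PHP_EOL;
// <script>var next = "javascript:alert(document.cookie)";</script>
```

The point of the wrapper is not that the functions are clever; it is that the developer has to pick one and thereby state the context, which is exactly what an implicit "guess the right untainting" mode would hide. Anyone who reaches for `untaintHtml()` on an href has still been told, by the name, that they chose the wrong one.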