Newsgroups: php.internals
Date: Fri, 25 Apr 2008 09:47:53 +0300
From: arvids.godjuks@gmail.com ("Arvids Godjuks")
To: "Wietse Venema"
Cc: internals@lists.php.net
Subject: Re: [PHP-DEV] PHP taint support update

2008/4/24 Wietse Venema:

> FYI,
>
> Taint support for PHP 5.2.5 has been updated. The 20080423 version
> improves support for PCRE, and fixes a harmless read-after-free bug.
>
> The primary goal of this code is to help PHP application programmers
> find and eliminate opportunities for HTML script injection, SQL or
> shell code injection, or PHP control hijacking. It's off by default,
> but can be configured to produce warnings or to terminate execution.
>
> User-mode "make test" run-time overhead is 0.5-1.5%, as measured
> on two different CPUs with the same OS and the same PHP executables.
> The bench.php overhead is 2%, and presents a worst-case number for
> compute-bound PHP applications that spend their entire life iterating
> over tiny loops.
>
> For more info, you can find links off http://wiki.php.net/rfc/taint/
>
> I presented a talk this week to the NYPHP users group. You can find
> a copy of my slides at http://www.nyphp.org/content/presentations/
>
> Wietse

I just can't express my feelings about this extension. It's just fantastic.
Can't wait until it's going stable and added to PECL, I have code which is needed to be tested exactly with this extension :)