Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:61032 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 89692 invoked from network); 28 Jun 2012 19:36:22 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 28 Jun 2012 19:36:22 -0000 Authentication-Results: pb1.pair.com header.from=ircmaxell@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=ircmaxell@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.49 as permitted sender) X-PHP-List-Original-Sender: ircmaxell@gmail.com X-Host-Fingerprint: 209.85.216.49 mail-qa0-f49.google.com Received: from [209.85.216.49] ([209.85.216.49:61479] helo=mail-qa0-f49.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 53/76-62543-532BCEF4 for ; Thu, 28 Jun 2012 15:36:22 -0400 Received: by qabj40 with SMTP id j40so273844qab.8 for ; Thu, 28 Jun 2012 12:36:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=NmtZg2+wPkcKLnEGp6BEVyFIv71T+mxY+TRquyeTVAE=; b=a/9gcpFvpVQBNMZUw8qZusRG8aVzxhFFPK/Ek+YLMyv/ni6+o4qxIkenC3XLoJu/Uz bT/MGMfGvgETDyxz7gwFwqLKnKIJBDe2hKkXBIEo9zLotqVpS4POma4Yv5M7Tdw5CcEA WkisDZ5d2Mhtto3HiPb5DIZ+37dfkcAxbcDjW0edcEwnx1cDi3gwOwKEKJDrTXmspdVU fyB6TH6TlfHqxbV9uz0fT5OvS4GAmeXRMvj6rPR9Ox7l3pYlqhrcCaAh6VA/paqUpuey yMAr7Xovwo5WGOsS5FAizHl73zTdoJGJyWFTAmy+o8GxSZXVnTHPjndMI7ma8Q2s9bnX yNSQ== MIME-Version: 1.0 Received: by 10.224.205.195 with SMTP id fr3mr5211341qab.68.1340912179189; Thu, 28 Jun 2012 12:36:19 -0700 (PDT) Received: by 10.229.232.11 with HTTP; Thu, 28 Jun 2012 12:36:19 -0700 (PDT) In-Reply-To: <1340875005.2516.9.camel@guybrush> References: <1340815507.2802.9.camel@guybrush> <1340875005.2516.9.camel@guybrush> Date: Thu, 28 Jun 2012 15:36:19 -0400 Message-ID: To: =?ISO-8859-1?Q?Johannes_Schl=FCter?= Cc: internals@lists.php.net Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: [PHP-DEV] [DRAFT RFC] Adding Simplified Password Hashing API From: ircmaxell@gmail.com (Anthony Ferrara) Johannes, > I haven't looked at your patch. But if it has to call another > PHP_FuNCTION then it's not good. crypt implementation should be > accessible via C. I've refactored crypt() slightly to expose a PHP_API crypt_execute() function that does just about everything except the argument parsing / default randomizing. https://github.com/ircmaxell/php-src/blob/hash_password/ext/standard/crypt.= c Now that I did that, I adjusted the implementation to call that instead... >> I don't like the concept of core functions disappearing if they are >> not implemented. I think that does nothing but make it harder on the >> developers (now having to inject a function_exists(), etc). > > I think it's rather the opposite. In that case the user has no way to > check whether the function is there without calling it and reacting to > errors. If the function "disappears" there is a possibility to check. I've now based this implementation on HAVE_CRYPT. If that's not defined, neither are these functions... >> Additionally, since this is a security issue, I think that always >> defining the function is the better approach. Otherwise, you can wind >> up in a situation where someone else comes in and implements function >> password_verify($password, $hash) { return true; }, which would be all >> sorts of bad... =A0I can see the static linking to the function (instead >> of the dynamic call that's there), So in this case, I personally think >> the warning is appropriate. > > No, but a simple zend_parse_parameters with "s" modifier should be > enough? Well, that was enough for the main parsing. But I had to do a little bit of copy/paste for the argument array parsing (not comfortable with it): https://github.com/ircmaxell/php-src/blob/hash_password/ext/standard/p= assword.c#L262 > I don't see what makes password_verify special. If one wants a typesafe > check one can go for true =3D=3D=3D password_verify. I've changed all other parameter based error returns to NULL (even the out of range checks). But I left password_verify for now as returning false on any error. I still think this one case is significant enough to always return false/true instead of a third parameter. But we can talk about that more... Thanks, Anthony