Newsgroups: php.internals
Date: Sat, 14 Jul 2012 02:32:11 +0200
From: Alex Aulbach <alex.aulbach@gmail.com>
To: Ángel González
Cc: Ryan McCue, internals@lists.php.net
Subject: Re: [PHP-DEV] [PROPOSED] password_hash RFC - Implementing simplified password hashing functions

2012/7/13 Ángel González:
> The codebase does no global exception handling (because it doesn't throw
> exceptions itself),
> and also nobody configured the server not to show errors/exceptions
> (some say it was purposely set up to show them).
> password_verify() "errors" if the parameters are not strings or the hash
> doesn't match a known hash format.
> Which kind of error should you use? errors or exceptions? Provide a
> reasoned answer.

Exceptions and a blank page/empty body for the user should be the default.

Because: Think of it like a printer: If the printer has an error, it will not continue to work, to avoid any break. The user needs to open all paper trays, look into them and remove any paper before the printer can continue.

For a login it's the same kind of logic: If you don't know what happened you need to look into every "tray". If you implement more sensors (better exception handling), you may continue without looking.

In detail:

- Normally the code has no error here. No real need for catching exceptions.
- So, if there is an error, you don't know why (because you didn't catch it).
- Even if I know there was an error (password_hash() returns false), I cannot continue with any action, because I don't know why.
- If you don't know the reason for an error, it is in this case an error to continue,
- which will be done automatically if you don't catch it. Perfect.
- And to make it not obvious for a hacker to get sufficient information about the type of exception, it is the most secure way to display no information to a possible invader.
I know this will break current behaviour completely. But it's the most secure way to do it. And security is the reason for this discussion.

To implement this we need, for example, a special type of exception (e.g. "interface non_displayable"), which will remove the error messages.

-- 
Alex
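As an added illustration of the approach argued for in the message above (example code written for this page, not code from the RFC, from PHP itself, or from any poster in the thread): a marker interface for exceptions that must never be shown, a global handler that logs server-side and sends the client an empty 500 body, and a verification function that throws for non-string input or a stored hash in an unknown format. It assumes PHP 7 or later (Throwable, return types); the names NonDisplayable, LoginFailure and verifyLogin() and the use of password_get_info() for the format check are this example's own choices. Note that the real password_verify() returns false for a hash it does not recognise rather than raising anything, which is why the example checks the format explicitly before calling it.

```php
<?php
// Added example, not part of the RFC or of PHP's own code: one way to get
// "exceptions plus a blank page" for the login path discussed in the thread.
// NonDisplayable, LoginFailure and verifyLogin() are names chosen here.

declare(strict_types=1);

/** Marker interface: exceptions of this kind must never reach the response body. */
interface NonDisplayable {}

/** Raised when verification cannot proceed for a reason the caller cannot act on. */
final class LoginFailure extends RuntimeException implements NonDisplayable {}

/**
 * Global handler: keep the detail server-side, give the client nothing.
 * Neither the exception class nor its message is written to the body.
 */
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf('[login] %s: %s', get_class($e), $e->getMessage()));
    if (!headers_sent()) {
        http_response_code(500);
    }
    // Empty body: the user (or an attacker) learns nothing about what failed.
    exit;
});

/**
 * Verify a submitted password against a stored hash.
 * Non-string input or an unrecognised hash format is a programming or data
 * error, so it raises LoginFailure instead of being reported as "wrong password".
 */
function verifyLogin($password, $storedHash): bool
{
    if (!is_string($password) || !is_string($storedHash)) {
        throw new LoginFailure('password and hash must be strings');
    }
    // password_get_info() reports 'algo' as 0 (PHP < 7.4) or null (PHP >= 7.4)
    // when the hash is not in a format PHP knows; empty() covers both.
    $info = password_get_info($storedHash);
    if (empty($info['algo'])) {
        throw new LoginFailure('stored hash is not in a known format');
    }
    return password_verify($password, $storedHash);
}

// Constructed demo data: a hash generated at run time and one deliberately malformed hash.
$hash = password_hash('correct horse battery staple', PASSWORD_DEFAULT);

if (verifyLogin('correct horse battery staple', $hash)) {
    echo "login ok\n";        // normal path: a real accept/reject decision was made
}
if (!verifyLogin('wrong password', $hash)) {
    echo "login rejected\n";  // a wrong password is an ordinary false, not an exception
}

// A stored hash in an unknown format is not a "wrong password": this throws
// LoginFailure, the handler logs it, and the client receives an empty 500 body.
verifyLogin('anything', 'not-a-valid-hash');
```

The split matters for the argument in the message: a mismatched password is an expected outcome the application can act on (show the login form again), whereas a malformed stored hash or a non-string argument means the application is in a state nobody anticipated, so the safest thing is to stop and say nothing to the client.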