Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:79018 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 17609 invoked from network); 20 Nov 2014 06:38:26 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Nov 2014 06:38:26 -0000 Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.220.54 as permitted sender) X-PHP-List-Original-Sender: smalyshev@gmail.com X-Host-Fingerprint: 209.85.220.54 mail-pa0-f54.google.com Received: from [209.85.220.54] ([209.85.220.54:42515] helo=mail-pa0-f54.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id BA/30-14967-06C8D645 for ; Thu, 20 Nov 2014 01:38:25 -0500 Received: by mail-pa0-f54.google.com with SMTP id fb1so1910539pad.41 for ; Wed, 19 Nov 2014 22:38:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=qKYR5S2jonA++9lr94wbV5ESpzn9wxVcdesjjQA/zNA=; b=HXkqRJerFPP7GR0Q4JbZV/JAdtPicfwiJ7vLIbuKBipgcStCrJU49HW0eVcH0THBOD k1AflB4L+EIhvApaPW0HoVkdNr2+oRejW48OKI4lGNI4q9WHhQiSoJsHslcuqvVqOnxV vPbdckh4h1OAqn2bew1RJeFpnapWS1eX4QOz3CkhByYfukr5In1FCi8GdZEu9ZBghEyN 8e3miqCbznFWYpA+TvCAhCgUvSMAFoGAKrgR10XWPNI/sb5xxrpeFXQKIvSWRxAhVWbM Oxa1d40d9l8MTjqTz9Y3PljAmsOC519dOEByGg2pvLMsUdGPOt9seUwJboHiOO+SOS6t P/3A== X-Received: by 10.68.108.67 with SMTP id hi3mr53959091pbb.19.1416465502054; Wed, 19 Nov 2014 22:38:22 -0800 (PST) Received: from [192.168.2.102] (108-66-6-48.lightspeed.sntcca.sbcglobal.net. [108.66.6.48]) by mx.google.com with ESMTPSA id pk1sm1011045pdb.78.2014.11.19.22.38.21 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 19 Nov 2014 22:38:21 -0800 (PST) Message-ID: <546D43B3.60708@gmail.com> Date: Wed, 19 Nov 2014 17:28:19 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: Yasuo Ohgaki , Andrea Faulds CC: PHP Internals References: <66B7B28C-2651-4A71-AC2A-55D4C7BB3DDC@ajf.me> In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] [RFC] Safe Casting Functions From: smalyshev@gmail.com (Stanislav Malyshev) Hi! > I like this RFC overall. Precise parameter checks is good for security > always. I don't see how it matters for security at all. If you need an int, (int) works as well as any proposed check, security-wise. You may want different diagnostics, etc. but this doesn't have to do much with security. In other words, if the security depends on any differences between (int) and to_int, it's probably not done right. -- Stas Malyshev smalyshev@gmail.com