Newsgroups: php.internals
Subject: Re: [PHP-DEV] [RFC] Safe Casting Functions
From: Stas Malyshev <smalyshev@gmail.com>
To: Yasuo Ohgaki
Cc: Andrea Faulds, PHP Internals
Date: Thu, 20 Nov 2014 08:54:57 -0800

Hi!

> Please refer to CWE/SANS TOP 25, Monster Mitigation especially.
>
> http://cwe.mitre.org/top25/#Mitigations
>
> and ISO 27000. (I cannot provide a link to it, since one should buy the
> document to read it)

Could you please be more specific about how this is relevant to this specific case? "Buy an ISO standard and read it whole" is not exactly a good argument when discussing a specific issue.

> Programmers should have control over all inputs as the most important security
> measure.
> There are two strategies in general.
>
> - Convert inputs to secure values and ignore possible attacks.
>   (Sanitization)
> - Validate inputs to reject malformed values and record possible
>   attacks. (Validation and logging)

Thank you, I am aware of what sanitizing and validating input is.

> to_int can be used as validation. It has the advantage of recording possible
> attacks (or bugs). Logging is one of the important security features.
> Therefore, validation could be said to be more secure than sanitization.

This is just your personal opinion. Logging is not a security feature, and if it were, it could be established independently, and should be anyway, since to_* log nothing. So claiming to_* is a security feature is just wrong - it's like saying fopen() is a security feature because you could use it to open a log file to which you'd write security-relevant data.

> Which strategy to adopt depends on organization/application
> policy. Public web sites may ignore

This is right. So your claim that one is more secure than the other is not correct.

-- 
Stas Malyshev
smalyshev@gmail.com
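The two strategies quoted in this exchange (sanitize by casting, or validate and record rejections), as an added PHP example that is not part of the thread or of the RFC; safe_to_int() is a hypothetical stand-in for the RFC's to_int() built on filter_var(), and the $log callback is a placeholder for an application's own logger:

```php
<?php
// Added example, not from the RFC or the mailing-list thread.
declare(strict_types=1);

// Strategy 1: sanitization. A plain cast always produces an int and silently
// discards whatever did not parse. Nothing is recorded.
function sanitize_int(string $input): int
{
    return (int) $input;
}

// Strategy 2: validation. safe_to_int() is a hypothetical stand-in for the
// RFC's to_int(): accept only a whole decimal integer (optional sign), and
// return null for anything else so the caller can decide how to react.
function safe_to_int(string $input): ?int
{
    $result = filter_var($input, FILTER_VALIDATE_INT);
    return $result === false ? null : $result;
}

// Validation plus logging, the combination the quoted text describes.
// $log is a placeholder sink; a real application would use its own logger.
function validate_int_or_log(string $input, callable $log): ?int
{
    $value = safe_to_int($input);
    if ($value === null) {
        $log(sprintf('rejected non-integer input %s', var_export($input, true)));
    }
    return $value;
}

// Constructed sample inputs: valid, trailing garbage, empty, float-ish, hex.
$samples = ['42', '-7', '123abc', '', '1e3', '0x1A'];
$logged  = [];
$log     = function (string $msg) use (&$logged): void { $logged[] = $msg; };

foreach ($samples as $s) {
    printf("%-10s sanitize=%-6s validate=%s\n",
        var_export($s, true),
        var_export(sanitize_int($s), true),
        var_export(validate_int_or_log($s, $log), true));
}
// '123abc' sanitizes to 123 and '' to 0 with no trace of the bad input;
// validation returns null for both and leaves an entry in $logged.
print_r($logged);
```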