Newsgroups: php.internals
Message-ID: <55F97ECF.3060006@sektioneins.de>
Date: Wed, 16 Sep 2015 16:38:07 +0200
To: internals@lists.php.net
References: <55F842FE.6080502@dennis.birkholz.biz> <55F978FE.90908@cubiclesoft.com>
In-Reply-To: <55F978FE.90908@cubiclesoft.com>
Subject: Re: [PHP-DEV] taint
From: stefan.esser@sektioneins.de (Stefan Esser)

Good morning,

> ==8<--------------------------
> Taint is blacklisting.
>

Last time I checked, marking all user input as tainted and requiring "untainting" before usage in sensitive functions is whitelisting and not blacklisting.

Regards,
Stefan

--
SektionEins GmbH
Breite Str. 159
50667 Köln
stefan.esser@sektioneins.de
Tel: 0221 / 29282931
Fax: 0221 / 29282935
http://SektionEins.de/

Registered office: Breite Str. 159, 50667 Köln
Court of registration: Amtsgericht Köln, HRB 59950
Managing directors: Stefan Esser, Benjamin Fuhrmannek, Christian Horchert