Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:95225
Return-Path: <smalyshev@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 50339 invoked from network); 16 Aug 2016 06:42:11 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Aug 2016 06:42:11 -0000
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=smalyshev@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.192.175 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@gmail.com
X-Host-Fingerprint: 209.85.192.175 mail-pf0-f175.google.com  
Received: from [209.85.192.175] ([209.85.192.175:36808] helo=mail-pf0-f175.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 4D/A1-36656-1C5B2B75 for <internals@lists.php.net>; Tue, 16 Aug 2016 02:42:10 -0400
Received: by mail-pf0-f175.google.com with SMTP id h186so24504799pfg.3
        for <internals@lists.php.net>; Mon, 15 Aug 2016 23:42:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=subject:to:references:from:message-id:date:user-agent:mime-version
         :in-reply-to:content-transfer-encoding;
        bh=GlLvuGDxZ1SiYknumaPgOQEvdvgJJo0JIPYBI18HzWc=;
        b=wOpEPXWhz0wfUFxd4PpMtluaoDHDR+3mi5KKj7PhO9XSDW5C6kDu92RsaMBsuO9dHc
         AOFF+t3LYgTehctMd7jFSy0ZPpZoxHzubFamDzSBXenxfPZd2fRqRIG2PMg5H/PWfK+E
         p6ZH1WYxc0Ktd7tZRV4K8ujRCFhj2JMObVJkHU3Q/ZuGUYXWwQ0tw6Ng3QYbx3/QapsV
         oAzuaH6BTE4PCkedmB3L6s36WzzdjiN93ExgIigN+geIDVdYQh1skgv2EEnQIq7VQ/vz
         7iCUyQYcT/pUA3iH9y/UKk9n77NeQnDqMfI1vUKlE+tFiyRj8yN+SFnfL6uMMgxSTjvp
         mOmg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:subject:to:references:from:message-id:date
         :user-agent:mime-version:in-reply-to:content-transfer-encoding;
        bh=GlLvuGDxZ1SiYknumaPgOQEvdvgJJo0JIPYBI18HzWc=;
        b=U9yQOza8z8ZkdS2eOmdKmZG2RjtcstIRIeVV7f9gWMRNbkUCNbEjxeIisYWEh/zT1z
         w4KoWXwFit/Yi0Xy3Pnc29b9oWG8MSSLgMqF2Na3zAAx/YahSyX1c632TzPwRarqFXZi
         ih+dMO/jVhv2KybgMECvL0sBy0ZgnjWQ2CYvEayYBrKfQO5+p5bUfd4uJYP95MhYngFi
         Zr/ErTBwbpWDgv86HPOTZ57dnZ84hBRaBriFJ6A/LZgFtuvUXW0YnQlmJoBNXP3yz6VH
         OUSvLIWDKYO9tI6eO4bjFGFEoSKCCexzRdJtuZ6eXPZ0K6rih6w5/hMqlUetK9qi7rzd
         L1lg==
X-Gm-Message-State: AEkooutTmMNU04JUbegBkksE4Klnd85/RmnjGjcxU+qBGlq4vHal2TdqDmTE9tE+VrjX7A==
X-Received: by 10.98.13.84 with SMTP id v81mr61630480pfi.108.1471329727018;
        Mon, 15 Aug 2016 23:42:07 -0700 (PDT)
Received: from Stas-Air.local (108-233-206-104.lightspeed.sntcca.sbcglobal.net. [108.233.206.104])
        by smtp.gmail.com with ESMTPSA id ty6sm36118661pac.18.2016.08.15.23.42.06
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 15 Aug 2016 23:42:06 -0700 (PDT)
To: "Christoph M. Becker" <cmbecker69@gmx.de>,
 Tony Marston <TonyMarston@hotmail.com>, internals@lists.php.net
References: <CAGa2bXarw2jTj0yhXpywWNQOJLR2pdhfaqSdwj_btT2giEL15Q@mail.gmail.com>
 <CAGa2bXadVagTwBzEym9PZROmXu3SKxg=huCAQNK3k1-jZeG_pg@mail.gmail.com>
 <CAGa2bXY-vmEgEFrE0OxQPSx=FKHeHdCayrDXxtTkHUVaJbV+-A@mail.gmail.com>
 <CA+kxMuRiOBQpmTeKqNyV8rX0GKCLrYixi--y5TcYUkdqpT746w@mail.gmail.com>
 <90.51.36656.0C0A1B75@pb1.pair.com>
 <0cb4db8b-0130-5ba6-6954-d3132345aec3@gmx.de>
Message-ID: <3f4ee584-0f69-cbaa-4ae5-52670fe4d4c9@gmail.com>
Date: Mon, 15 Aug 2016 23:42:05 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:45.0)
 Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <0cb4db8b-0130-5ba6-6954-d3132345aec3@gmx.de>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Re: [RFC][VOTE] Add validation functions to filter
 module
From: smalyshev@gmail.com (Stanislav Malyshev)

Hi!

> Yasuo (who Dan quoted here) refers to completely invalid input, such as
> invalid UTF-8 byte sequences.  I think, that in this case the app should
> bail out without even given detailed information, as such grossly
> invalid input most likely is an attempt to attack (or a severe browser bug).

I personally am not a big fan of "bail out without giving information",
unless that information somehow crosses security boundary (e.g.
displaying PHP error messages in production) or reveals unnecessary info
(this part is super-tricky in crypto, but ouside of crypto common sense
is usually not a bad guide).

Assume indeed you have a buggy release of Firefox that produces invalid
UTF-8 when your language is set to Hindi (this is almost true story btw,
I've seen bug not exactly that but somewhat similar). Now assume you get
a message from the user "all our office can not use your application
since new version was deployed!" and you walk the user through and it
indeed bails out, no additional info. How you debug that? You don't know
Hindi is the culprit. You may not have access to that office's
environment. Your users can't help much but scream "get our app working
again, we're losing money here!". And of course it works for you when
you try it and best time to talk to them is 4am on your side.

Now, how much easier your life would be if you app would just report
"invalid UTF-8 sequence encountered in parameter FirstName" before
bailing out? How many hours, pulled out hairs and 4am sessions would it
save? I think it's worth considering.

-- 
Stas Malyshev
smalyshev@gmail.com