So, what if an ISP (webhost) enables taint functionality, and a
developer uses a PHP library that uses custom filter functions for
filtering data. Will this developer see messages displayed on his PHP
application even though filtering is being done?
Jordan
> So, what if an ISP (webhost) enables taint functionality, and a
> developer uses a PHP library that uses custom filter functions for
> filtering data. Will this developer see messages displayed on his PHP
> application even though filtering is being done?
Presumably the filtering functions "untaint" the data.
The whole point of "taint" is to catch data that is getting passed
RAW to places raw data shouldn't get passed.
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
Jordan Moore wrote:
> So, what if an ISP (webhost) enables taint functionality, and a
> developer uses a PHP library that uses custom filter functions for
> filtering data. Will this developer see messages displayed on his PHP
> application even though filtering is being done?
A correctly implemented filtering library would untaint the data, of
course. One of the TODOs might be providing an API making it easier to
write such a library.
--
Stanislav Malyshev, Zend Products Engineer
stas@zend.com http://www.zend.com/
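
An added illustration, not part of the thread and not PHP's taint implementation: a userland model of the behaviour the replies describe, where an output sink rejects raw request data and a custom library filter "untaints" it by returning a plain string. The names `Tainted`, `from_request`, `lib_filter_html` and `render` are hypothetical.

```php
<?php
declare(strict_types=1);

// Userland model of taint tracking; every name here is hypothetical.
final class Tainted
{
    public function __construct(private string $raw) {}

    // Only a filter should call this: it receives the raw bytes and
    // must return a cleaned, plain (untainted) string.
    public function filterWith(callable $filter): string
    {
        return $filter($this->raw);
    }
}

// Source: everything arriving from the request starts out tainted.
function from_request(array $input, string $key): Tainted
{
    return new Tainted((string)($input[$key] ?? ''));
}

// Custom library filter: returning a plain string is the "untaint" step.
function lib_filter_html(Tainted $value): string
{
    return $value->filterWith(
        fn(string $raw): string => htmlspecialchars($raw, ENT_QUOTES, 'UTF-8')
    );
}

// Sink: refuses tainted data, which is where the developer would see a message.
function render(string|Tainted $value): string
{
    if ($value instanceof Tainted) {
        throw new RuntimeException('tainted data passed raw to output sink');
    }
    return "<p>$value</p>";
}

$request = ['name' => '<b>Jordan</b>']; // constructed sample input
$name = from_request($request, 'name');

echo render(lib_filter_html($name)), "\n"; // filtered: accepted by the sink

try {
    render($name); // raw: rejected by the sink
} catch (RuntimeException $e) {
    echo 'taint check: ', $e->getMessage(), "\n";
}
```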