Rasmus Lerdorf wrote:
The alternative of relying on the developer remembering to filter simply doesn't work. Wietse's taint mode is another approach, but it has performance implications.

As I said, when the backend does the escaping, you don't have to remember it.

filtering would fix, or they stem from people applying the wrong filters in the wrong situations which again would happen under any system. What

If the backend picked the escaping mechanism, *that* wouldn't happen (if the backend isn't buggy, but that can happen with any approach).

The other thing this gives us is the ability to run 3rd-party untrusted apps. You only need to find the 2 or 3 places where the app needs something other than the default filtered data and even the most insecure app can be run with some semblance of security.

"Some" is the right word here. That insecure app could leak information from your server, write or read data to/from locations it shouldn't, etc. Also, I don't think it would be just 2 or 3 places. It'll be more like every point where it's real user input (and not form ids, hidden values, etc.), because then you have to expect almost any char that your filter has to strip to be safe - Mr. O'Reilly won't be amused if he's called OReilly, O''Reilly, O'Reilly or O\'Reilly.

Regards,
Stefan

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
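The two approaches argued about above, side by side, as an added example that is not part of the thread and not PHP's own filter or taint code. It assumes a PHP CLI with the PDO SQLite driver; the function names, the table and the request values are constructed for the illustration. The "input filter" side uses addslashes() as a stand-in for a generic default filter applied to every request value on arrival; the "backend escaping" side keeps the raw value and lets each sink (a bound SQL parameter, an HTML template) quote for its own context.

```php
<?php
// Added example: input-time filtering vs. sink-side (backend) escaping.
// Assumptions: PHP 7+, PDO with the sqlite driver; names below are illustrative.

declare(strict_types=1);

// Approach 1: one default filter applied to all request values on input.
// addslashes() stands in for a generic "strip/escape dangerous chars" filter.
function filterAtInput(array $request): array
{
    return array_map('addslashes', $request);
}

// Approach 2: the sink escapes. HTML context: entity-encode at the template boundary.
function renderHtml(string $name): string
{
    return '<li>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</li>';
}

// SQL context: a bound parameter; the driver quotes, the app never touches the value.
function storeAndFetch(PDO $db, string $name): string
{
    $db->prepare('INSERT INTO users (name) VALUES (:name)')->execute([':name' => $name]);
    return (string) $db->query('SELECT name FROM users ORDER BY id DESC LIMIT 1')->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed request, the same kind of data the thread's "Mr. O'Reilly" produces.
$request = ['name' => "O'Reilly"];

// --- Approach 1: filter on input, then store and render ---
$filtered = filterAtInput($request);
$storedA  = storeAndFetch($db, $filtered['name']); // persists "O\'Reilly": the backslash is now data
$htmlA    = renderHtml($storedA);                  // and the user is shown the backslash too

// --- Approach 2: keep the raw value, escape at each sink ---
$storedB  = storeAndFetch($db, $request['name']);  // persists "O'Reilly" exactly as typed
$htmlB    = renderHtml($storedB);                  // "O&apos;Reilly" in the source, O'Reilly on screen

printf("input filter:    stored=%s  html=%s\n", $storedA, $htmlA);
printf("backend escaping: stored=%s  html=%s\n", $storedB, $htmlB);

// The sink-side approach is not weaker for it: an injection attempt is stored as
// inert text because the parameter binding, not the application, does the quoting.
$evil    = "x'); DROP TABLE users; --";
$storedC = storeAndFetch($db, $evil);
assert($storedC === $evil);
assert((int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn() === 3);
echo "table intact, injection stored as plain data\n";
```

Run with `php example.php`. The first line of output shows the data loss Stefan describes (the name is now `O\'Reilly` in the database and in the page); the second shows the same name surviving both sinks unchanged because each backend applied only the escaping its own context needs. Adding a second sink (a shell command, a JSON response) in approach 2 means adding one more context-specific escaper at that sink, not revisiting the input filter.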
