The On Jul 28, 2015 11:42 PM, "Christoph Becker" <cmbecke...@gmx.de> wrote: > > Rowan Collins wrote: > > > On 28 July 2015 18:33:31 BST, Matt Tait <matt.t...@gmail.com> wrote: > >> Hi all, > >> > >> I've written an RFC (and PoC) about automatic detection and blocking of > >> SQL > >> injection vulnerabilities directly from inside PHP via automated taint > >> analysis. > >> > >> https://wiki.php.net/rfc/sql_injection_protection > > > > Have you searched the list archive and wiki for previous discussions and prototypes of variable tainting? The idea may well have some legs, but there might be some interesting points from previous discussions to note in your RFC. > > FWIW, there is the inactive "Taint support for PHP"[1] RFC. > > [1] <https://wiki.php.net/rfc/taint>
Which is what should be done (global tainted mode) and not only for SQL. Unfiltered input can affect way more than only SQL. Environment, exec, etc are all potentially dangerous with unfiltered data. I fear it is an almost impossible task and may give a wrong signal, everything is safe of tainted mode is enabled. Cheers, Pierre
