On Sat, 2007-11-17 at 18:03 -0800, Stanislav Malyshev wrote:
You say that superglobals were not designed to be user defined, think
about it, the concept of a superglobal is present in C and C++, two of
the most mature and strictest languages around.
Concept of inserting assembly code is in C
Good Morning,
I just wanted to ask if there was ever a decision made that said tainted
mode will go into PHP mainstream.
Currently there are two implementations available:
GRASP by Coresecurity
* pro: byte level tainting which actually works
* negative: slow
PHP Taint mode by Wietse Venema/IBM
http://blog.phpdoc.info/archives/3-PHP-Fun-Variable-Arguments-Be-Reference.html
just an example from 2.5yrs ago.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
I try to be constructive here -- I might end up as a moron, I do not
know, sorry -- but what about adding a parameter to func_get_arg to
get the argument by reference?
Hi!
I read this thread, and I would like to ask if is there any decision
about the behavior of inheritance?
I wrote on my blog about late static binding
(http://blog.felho.hu/what-is-new-in-php-53-part-2-late-static-binding.html),
and I came up with the following example:
<?php
class
I just wanted to ask if there was ever a decision made that said tainted
mode will go into PHP mainstream.
no, there was no decision yet.
It is no secret that I don't like the idea of a taint mode in PHP
because it cannot be made secure and fast at the same time.
/me too. Although I can't
Hello,
this very subject was already discussed in a thread months ago. Basically,
it's a matter of choice whether fully established calls should break the
resolution or not. Both ways have drawbacks. Implementing both would require
yet another keyword and complications.
On Nov 18, 2007 12:27
The other difference is that Venema's implementation assumes that
functions exist that make a variable safe for usage in SQL, HTML, ...
When such a function is used the variable is marked as not tainted... In
the previous mail I showed examples why this is not secure.
GRASP on the other hand
Hi,
and for me the current behavior feels right: The call to
parent::findByPk() is an independent call from the call before and
calls an explicit class (the parent one)
johannes
On Sun, 2007-11-18 at 14:21 +0100, Etienne Kneuss wrote:
Hello,
this very subject was already discussed in a
On 18.11.2007, at 14:00, Stefan Esser wrote:
Hi Stefan,
It is therefore obvious that the GRASP way cannot be made fast and
that
Venema's implementation will always be faster.
I wonder how other languages solve this dilemma? Like how does Ruby's
taint model work? What are the experience
I wonder how other languages solve this dilemma? Like how does Ruby's
taint model work? What are the experience there? Are there any other
languages that have a taint model?
Perl has. AFAIK it's variable-based.
--
Stanislav Malyshev, Zend Software Architect
Hi Stefan,
I just wanted to ask if there was ever a decision made that said tainted
mode will go into PHP mainstream.
No decision as such - I believe Wietse is doing his best to find out exactly
how viable it is, no?
it seems some people want the fast implementation of Wietse in the core
On 18/11/2007, Stefan Esser [EMAIL PROTECTED] wrote:
Good Morning,
I just wanted to ask if there was ever a decision made that said tainted
mode will go into PHP mainstream.
Currently there are two implementations available:
GRASP by Coresecurity
* pro: byte level tainting which actually
On Thu, 15 Nov 2007, Marcus Boerger wrote:
we discussed this a million times already I think. And the conclusion is
to not allow type hinting for base types.
I am actually thinking that it might be a good thing to add more and
more. I know my quick hack isn't the best implementation though.
Hi!
this very subject was already discussed in a thread months ago.
I have read the thread about it, but I didn't find a conclusion (maybe I
missed it).
Basically,
it's a matter of choice whether fully established calls should break the
resolution or not.
I think the code I sent is an
2007/11/17, Sam Barrow [EMAIL PROTECTED]:
But why not have maximum flexibility? A language should provide as many
tools to the user as possible, a tool doesn't hurt. If you don't want to
do it, don't, who cares? But an extra tool never hurts in any situation,
real life or a programming
Hi Dan,
I believe the primary use case for taint mode would be to use it in
development: taint mode is a mode which can be turned on to give you
an idea of where your application may have exposed some
vulnerabilities; let you fix those identified vulnerabilities; then
turn off for production
Hi Steph,
In a preliminary release for feedback purposes you talk about wrong
assumptions? Surely this is the whole point of having a preliminary
release for feedback :)
yes of course it is preliminary. But the whole idea is flawed. It is
assumed that a single function exists that makes user
On 18.11.2007, at 22:40, Stefan Esser wrote:
Hi Dan,
I believe the primary use case for taint mode would be to use it in
development: taint mode is a mode which can be turned on to give you
an idea of where your application may have exposed some
vulnerabilities; let you fix those identified
Hello Lukas,
I wonder how other languages solve this dilemma? Like how does Ruby's
taint model work? What are the experience there? Are there any other
languages that have a taint model?
I don't know exactly what they do, but if I am not completely mistaken
the difference is simple.
AFAIK
On 18.11.2007, at 22:56, Stefan Esser wrote:
This is different from the implicit untainting through htmlentities()
and mysql_real_escape_string() because there
are obviously cases where these functions are the WRONG functions and
the developer will never realise this
because he was not taught
2007/11/18, Derick Rethans [EMAIL PROTECTED]:
I am actually thinking that it might be a good thing to add more and
more. I know my quick hack isn't the best implementation though.
Yes and it is an alternative and not a mandatory thing to use.. as long as:
<?php
function foo(int $num) {
On Nov 18, 2007 5:52 PM, Cristian Rodriguez [EMAIL PROTECTED] wrote:
2007/11/18, Derick Rethans [EMAIL PROTECTED]:
I am actually thinking that it might be a good thing to add more and
more. I know my quick hack isn't the best implementation though.
Yes and it is an alternative and not a
AFAIK perl has variable level tainting, but does not have implicit
untainting.
Applying any regexp to tainted variable produces untainted results in Perl.
--
Stanislav Malyshev, Zend Software Architect
http://www.zend.com/
The problem here is that both approaches fail to be completely secure
even when your test environment
I don't think taint mode can be truly considered as security feature.
It's rather a feature that would remind the developer he needs to think
about security. Just as an alarm clock can wake
I have thought about this, using objects for all variables, but all of
the extra code amounts to a lot in a large application, and when using
hundreds of small strings and integers scattered throughout your
application, this would cause a serious performance drop.
On Sun, 2007-11-18 at 18:13
I've been working on your patch, adding types and making it more stable.
Worked pretty good for me though, with the exception of a couple things
(some code was different in 5.3 than in your diff files, but that makes
sense as you wrote this patch in 2006).
I think more type hinting in all areas
I know well the sacred loose typing anthem, but is there any hope to see
the class properties type hinted one day? (and the return value as well)
I mean, as an OPTION, as it is already done with function parameters...
Class A {
}
Class B {
public A $a;
}
Because:
1. It is so strange to see
On Nov 19, 2007 12:13 AM, David Coallier [EMAIL PROTECTED] wrote:
I was thinking at something along the lines of objects also for instance:
$i = new Integer(33);
function foo(Integer $var) {
}
foo ($i); else it emits a fatal error. But also if you do
$i = Name; that would emit a fatal
Stefan Esser:
Hi Steph,
In a preliminary release for feedback purposes you talk about wrong
assumptions? Surely this is the whole point of having a preliminary
release for feedback :)
yes of course it is preliminary. But the whole idea
Stefan Esser:
2) Using mysql_real_escape_string() on user input does not make it safe
for SQL. It only makes SQL strings safe.
Example: "SELECT * FROM table WHERE id=".mysql_real_escape_string($id)
is NOT secure but will result in no taint warning
Can you give a specific example? I'd like to
Karoly Negyesi wrote:
Dear Brian,
Say, you have a CMS which generally calls some kind of functions and
some of them might need to modify one array the other needs to modify
two arrays... Currently you need to wrap these into a arguments
array otherwise func_get_args will butcher your
On Nov 18, 2007 7:24 PM, Hannes Magnusson [EMAIL PROTECTED] wrote:
On Nov 19, 2007 12:13 AM, David Coallier [EMAIL PROTECTED] wrote:
I was thinking at something along the lines of objects also for instance:
$i = new Integer(33);
function foo(Integer $var) {
}
foo ($i); else it
Johannes Schlüter wrote:
Hi,
and for me the current behavior feels right: The call to
parent::findByPk() is an independent call from the call before and
calls an explicit class (the parent one)
This makes no sense to me. It makes it COMPLETELY impossible to do any
form of slightly
I both like and dislike the fact that PHP is so loosely typed. It makes
it very easy, which I like, however it is sometimes not strict enough,
allowing for undetected errors, which of course I don't like.
I think the ideal solution here is to make it a hybrid type of language,
where typing is
What is the general opinion on multiple class inheritance. I have a need
for it. I have objects for all user input fields.
$username = new field;
$username->name = 'username';
$username->maxLen = 32;
I have three types of fields. Fields that are automatically put in the
database, such as
Sam Barrow wrote:
What is the general opinion on multiple class inheritance. I have a need
for it.
Use object composition?
--
Edward Z. Yang    GnuPG: 0x869C48DA
HTML Purifier http://htmlpurifier.org Anti-XSS Filter
It sounds like you want to be using decorators instead.
http://en.wikipedia.org/wiki/Decorator_pattern
On Sunday 18 November 2007, Sam Barrow wrote:
What is the general opinion on multiple class inheritance. I have a need
for it. I have objects for all user input fields.
$username = new
Larry Garfield wrote:
It sounds like you want to be using decorators instead.
The decorator pattern is inappropriate for this case, because Sam wants
to extend the interface, not change the behavior of an existing one.
(Sorry, hit reply too soon.)
Or, alternatively, you can mostly implement friend functions of a sort:
http://www.garfieldtech.com/blog/php-magic-call
but they have a performance penalty:
http://www.garfieldtech.com/blog/magic-benchmarks
On Sunday 18 November 2007, Sam Barrow wrote:
What is
I realize that instance calls are a completely different ball game than
static calls but LSB was supposed to give us the same flexibility.
Actually, I don't think it was. If you want objects, why not use the
real thing? LSB was created to solve just one particular problem -
inability to
Hi,
I have failed the "state the goal and not the task" rule, sorry.
So, my goal is to pass a variable number of arguments of which some
could be references. I believed that this needs calltime by-ref calls
but obviously need. For func_get_arg, a simple flag could suffice. For
func_get_args, I do
On Monday 19 November 2007, Edward Z. Yang wrote:
Larry Garfield wrote:
It sounds like you want to be using decorators instead.
The decorator pattern is inappropriate for this case, because Sam wants
to extend the interface, not change the behavior of an existing one.
class AbstractField {
Larry Garfield wrote:
$myfield = new InputField(new DBField(new AbstractField(...))); [snip]
Nah, what you're talking about now is a chain of responsibility, where
events are in the form of method calls. :-)
Stanislav Malyshev wrote:
I realize that instance calls are a completely different ball game than
static calls but LSB was supposed to give us the same flexibility.
Actually, I don't think it was. If you want objects, why not use the
real thing? LSB was created to solve just one particular
Hi Stefan,
Stefan Esser wrote:
GRASP by Coresecurity
* pro: byte level tainting which actually works
* negative: slow
PHP Taint mode by Wietse Venema/IBM
* pro: faster
* negative: broken design+insecure
I don't see a big problem with having a