PHPDeveloper.org: PHP 10.0 Blog: php -T (variable tainting)

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

Recent Jobs

Job Posting: Vermont Information Processing Seeks Senior/Lead PHP Developer (Burlington, VT)

Job Posting: Mediware Blood Center Technologies Seeks PHP Software Developer (Jacksonville, FL)

PHP Zone: Can Learning Drupal Get You a Job?

Job Posting: Tilllate Media Seeks Senior PHP Developer (Glasgow, UK)

Job Posting: Agency Matrix Seeks Senior Application Developer (Addison, TX)

Job Posting: HUGE Seeks Freelance Zend/WordPress Developer (Brooklyn, NY)

Job Posting: Abbott Laboratories Seeks PHP Developer (Irving, TX)

Job Posting: BetFair Seeks Lead Software Engineer (Web)

Job Posting: Uplifting Innovations Seeks Lead PHP Developer (Portland, OR)

Job Posting: Ganz Seeks PHP Developer (Toronto, Ontario)

News Archive

php|architect: Programming: you're doing it wrong

Brian Moon's Blog: PHP command line progress bar

Alan Skorkin's Blog: How To Fix The WP-Syntax Special Character Escaping Issue

Eli White's Blog: An intriguing use of lambda functions

Site News: Blast from the Past - One Year Ago in PHP

Perplexed Labs Blog: PHP Forking to Concurrency with pcntl_fork()

Community News: Microsoft Returns with The Ultimate Coder Battle

Webitech.net: Create an Impressive Content Editing System with jQuery and PHP

php|architect: It's not all about the code

Brian Swan's Blog: mssql vs. sqlsrv: What's the Difference? (Part 1)

PHP 10.0 Blog:
php -T (variable tainting)

by Chris Cornutt December 11, 2006 @ 10:26:00

On the PHP 10.0 Blog, there's a new post today talking about variable tainting and what it might be like if PHP included it too.

Perl and Ruby have variable tainting. Maybe PHP should have it too?

Variable tainting is a bit of built-in functionality that provides a "safety net" of sorts to the contents of variables to help protect both the users and the script itself from potentially harmful content.

He talks about how Ruby and Perl handle the functionality and how, were PHP to work it in, which approach would fit better with PHP's current model:

If one wants to implement proper tainting or sandboxing, it probably should be based on more generic approach that would account for existence of functions unknown in design time.

0 comments voice your opinion now!
variable tainting perl ruby sandbox unsafe content protect variable tainting perl ruby sandbox unsafe content protect

Similar Posts