Re: PHP

From: David Wheeler (dwheeler@ida.org)
Date: 08/22/01


From: "David Wheeler" <dwheeler@ida.org>
Message-Id: <1010822105929.ZM20516@aphrodite.csed.ida.org>
Date: Wed, 22 Aug 2001 10:59:28 -0400
To: secprog@securityfocus.com
Subject: Re: PHP


teo@gecadsoftware.com said:
>That's why sites with only one entry point are easier to manage and easier to
>secure (as in the data-from-the-user issue).
>One can use an MVC model, and have only one entry in the site to do the
>`dispatching'. That entry can do proper checks and all.

That's a very reasonable approach, and often worthwhile for other reasons.

Unfortunately, I think that's less helpful when dealing with PHP's problems.
Starting from the single entry you'd "dispatch" to many different programs,
and unless all those programs carefully reset all variables (it's the
transitive closure problem), you're still vulnerable.
The front-end can make sure that only a given list of variables are
set, and that would help. However, what if a variable from that list is
set when one of the dispatchees wasn't expecting it from the outside?

In any case, this all requires unusual amounts of diligence.
Programming is hard enough without requiring superhuman feats of diligence
for common activities that are automatically secure in other languages.
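As an added illustration (not code from Wheeler's message or the thread), the situation described above in PHP: a front controller admits only a fixed list of request variables into the global scope, one dispatchee that never expected `$id` from outside is broken by it anyway, and the same dispatchee is rewritten so it never trusts the global namespace. `extract()` stands in for the 2001-era register_globals behaviour; the handler names and `current_user_id()` are hypothetical.

```php
<?php
// Added example, not from the thread. The front controller lets only a fixed
// list of request variables into the global scope, emulating register_globals
// for just those names via extract() (a real function; this is the pattern
// the message calls "a given list of variables").
$allowed = ['page', 'id'];
extract(array_intersect_key($_GET, array_flip($allowed)));
$page = $page ?? 'home';

function current_user_id(): int { return 42; }   // placeholder for a session lookup

// Dispatchee that did not expect $id from the outside: here $id means "the
// caller's own record" and is only filled in when unset. Because the front
// controller admitted 'id' for the profile page, the same name can now arrive
// from the request here too, and this guard silently accepts it. This is the
// transitive-closure problem from the message: every included script must
// reset every variable, or the whitelist at the entry point does not help.
function export_handler_unsafe(): string {
    global $id;
    if (!isset($id)) { $id = current_user_id(); }
    return "exporting record $id";
}

// Hardened form: every variable the handler owns is assigned unconditionally,
// and request input is read only through an explicit $_GET lookup, validated,
// exactly where it is wanted. No handler depends on what the global scope
// happened to contain when it was entered.
function export_handler(): string {
    $id = current_user_id();          // never conditional on prior state
    return "exporting record $id";
}
function profile_handler(): string {
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) { http_response_code(400); exit; }
    return "showing profile $id";
}
function home_handler(): string { return "home"; }

$handlers = ['home' => 'home_handler', 'profile' => 'profile_handler',
             'export' => 'export_handler'];   // hypothetical handler names
if (!isset($handlers[$page])) { http_response_code(404); exit; }
echo $handlers[$page](), "\n";
```

Run from the command line with no query string it dispatches to the home handler; the point is that `export_handler()` gives the same answer whatever the front controller admitted, while `export_handler_unsafe()` does not.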