Re: php to do input validation...

[Darren Bounds <dbounds () intrusense com>]

It's called managed code, and it's a much more reliable, tested means 
of implementation than letting someone who doesn't know what they're 
attempt to write their own.  How can it be anything but a positive? 
Programmers are coddled every day with all sorts of APIs, especially in 
high level languages like PHP, Perl, Python, etc. Security classes are 
no different.


On Feb 1, 2005, at 8:19 PM, Matthew Wirges wrote:

> I thought this was interesting...
>
> http://news.php.net/php.internals/14474
>
> Turns out that there may be input filtering in PHP's future. Maybe 
> even in the next release of 5.x.  Read that thread for more 
> information.
>
> My question for webappsec, is do you think its a good idea for a 
> programming language to add this sort of functionality?  Does it 
> coddle users?  Does it give a false sense of security (especially if 
> they aren't implemented right)?  Or do the positives outweigh the 
> negatives?
>
> Cheers,
> -matt
> --
> Matthew Wirges
> IT Security and Policy Analyst
> Office of the Vice President for Information Technology
> Security and Privacy, Purdue University
> wirges () purdue edu :: (765)49-62307
> PGP/GPG: EB69 701E EECC 5DD0 E604  0EE0 1346 74BF 5DBC 5ADB