WebApp Sec mailing list archives
Re: php to do input validation...
From: Darren Bounds <dbounds () intrusense com>
Date: Thu, 3 Feb 2005 13:28:43 -0500
It's called managed code, and it's a much more reliable, tested means of implementation than letting someone who doesn't know what they're attempt to write their own. How can it be anything but a positive? Programmers are coddled every day with all sorts of APIs, especially in high level languages like PHP, Perl, Python, etc. Security classes are no different.
On Feb 1, 2005, at 8:19 PM, Matthew Wirges wrote:
I thought this was interesting... http://news.php.net/php.internals/14474Turns out that there may be input filtering in PHP's future. Maybe even in the next release of 5.x. Read that thread for more information.My question for webappsec, is do you think its a good idea for a programming language to add this sort of functionality? Does it coddle users? Does it give a false sense of security (especially if they aren't implemented right)? Or do the positives outweigh the negatives?Cheers, -matt -- Matthew Wirges IT Security and Policy Analyst Office of the Vice President for Information Technology Security and Privacy, Purdue University wirges () purdue edu :: (765)49-62307 PGP/GPG: EB69 701E EECC 5DD0 E604 0EE0 1346 74BF 5DBC 5ADB
Current thread:
- php to do input validation... Matthew Wirges (Feb 02)
- Re: php to do input validation... Kevin Carlson (Feb 03)
- Re: php to do input validation... Griffiths, Ian (Feb 03)
- RE: php to do input validation... Andrew van der Stock (Feb 03)
- Re: php to do input validation... Darren Bounds (Feb 03)