News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Stefan Esser's Blog:
CORE GRASP - PHP Tainted Mode
August 22, 2007 @ 16:19:27

Stefan Esser points out a new patch today - CORE GRASP - from the Core Security Technologies group that provides taint support surrounding the mysql_query function.

Their implementation adds a tainted or not flag for every byte so that it is possible on invocation of mysql_query() to determine any kind of injection.

Unfortunately, Stefan also mentions two big issues it might have from the get-go: the overhead for the memory needed can slow things down and an incorrect parsing in their query handler could lead to injection attacks.

1 comment voice your opinion now!
core grasp patch php5 taint support mysqlquery security technologies core grasp patch php5 taint support mysqlquery security technologies


blog comments powered by Disqus

Similar Posts

Anthony Ferrara: A Lesson In Security

DevShed: Retrieving Information on Several Objects with Destructors in PHP 5

The Northclick Blog: A comma is a comma is a comma...or is it?

Kian Hui Teo\'s Blog: Switching between PHP 5.1.x and Zend Core for Oracle

Codewalkers.com: New Tutorial - Coding \"Best Practices\" - or at least \"Better Practices\"


Community Events

Don't see your event here?
Let us know!


extension framework symfony introduction laravel laravel5 security version language api unittest community interview library opinion podcast voicesoftheelephpant series threedevsandamaybe release

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework