PHPDeveloper.org: Stefan Esser's Blog: CORE GRASP - PHP Tainted Mode

	News Feed
	Jobs Feed

Sections

Tutorials

Books

Events

Talks

Jobs

News Archive

Community News: Packagist Latest Releases for 05.25.2013

Adam Culp: PHP usage statistics

Michelangelo van Dam: UA Testing with Selenium and PHPUnit

PHP.net: PHP 5.5.0RC2 is available

Community News: Packagist Latest Releases for 05.24.2013

Site News: Popular Posts for the Week of 05.24.2013

Anna Filina: Full Test Coverage is Impractical

ZFort Group: The Battle of the Titans. Zend vs. Symfony

Lorna Mitchell: Simplest PHP Generator Example

Engine Yard: A Conversation About Testing in PHP

Stefan Esser's Blog:
CORE GRASP - PHP Tainted Mode

by Chris Cornutt August 22, 2007 @ 16:19:27

Stefan Esser points out a new patch today - CORE GRASP - from the Core Security Technologies group that provides taint support surrounding the mysql_query function.

Their implementation adds a tainted or not flag for every byte so that it is possible on invocation of mysql_query() to determine any kind of injection.

Unfortunately, Stefan also mentions two big issues it might have from the get-go: the overhead for the memory needed can slow things down and an incorrect parsing in their query handler could lead to injection attacks.

1 comment voice your opinion now!
core grasp patch php5 taint support mysqlquery security technologies core grasp patch php5 taint support mysqlquery security technologies

blog comments powered by Disqus

Similar Posts

Community News: Official Press Release on Zend PHP5 Certification

Dan Horrigan's Blog: Security in FuelPHP

Christian Stocker's Blog: Profile XSLT transformations within PHP

Chris Shiflett\'s Blog: Essential PHP Security - Forms and URLs

Stuart Herbert's Blog: Arguments From The Boardroom, Not The Bedroom

Community Events

Don't see your event here?
Let us know!

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework