2008/4/24 Wietse Venema <[EMAIL PROTECTED]>:
> FYI, > > Taint support for PHP 5.2.5 has been updated. The 20080423 version > improves support for PCRE, and fixes a harmless read-after-free bug. > > The primary goal of this code is to help PHP application programmers > find and eliminate opportunities for HTML script injection, SQL or > shell code injection, or PHP control hijacking. It's off by default, > but can be configured to produce warnings or to terminate execution. > > User-mode "make test" run-time overhead is 0.5-1.5%, as measured > on two different CPUs with the same OS and the same PHP executables. > The bench.php overhead is 2%, and presents a worst-case number for > compute-bound PHP applications that spend their entire life iterating > over tiny loops. > > For more info, you can find links off http://wiki.php.net/rfc/taint/ > > I presented a talk this week to the NYPHP users group. You can find > a copy of my slides at http://www.nyphp.org/content/presentations/ > > Wietse > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > > I just can't express my feelings about this extension. It's just fantastic. Can't wait untill it's going stable and added to PECL, I have code witch is needed to be tested exactly with this extension :)
