On Mon, 11 Apr 2005, John Peacock wrote:
Charlie Brady wrote: I don't think it's particularly stupid to trust your config file. If a cracker can take control of your config file, you have worse problems than lack of validation of the config file. To put it another way, "unusual values" pulled from (likely root owned) config files are not a very likely avenue of attack.
So you think that config() should just clean up the taint as a matter of course?
That would be one option. Allowing an optional regexp seemed reasonable to me - and not "stupid".
That seems even more magical than permitting the developer to tailor the de-taint regex to validate the expected values from the external files.
I would presume that some regexes might be overcomplicated.
If this is what you are advocating, why not just turn off tainting completely?
Taint is extremely valuable when dealing with untrusted data. Leave it on.
Sticking in a regexp for every config item might get more tedious than it is worth.
Except that because taint is turned on, more often than not the plugin has to cleanse the taint manually (and using a variety of methods)...
Which is why config() doing it (with or without a provided regexp) seems pragmatic to me.
Charlie
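
The two options debated in this message, shown side by side as an added example (not code from the thread or from the project): a config reader that untaints through a caller-supplied regexp, and one that untaints wholesale when no regexp is given. The helper name `config_untaint`, the `%raw` store and the sample values are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_config.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample data standing in for lines read from config files.
# substr($^X, 0, 0) is an empty but tainted string under -T, so appending
# it taints each value the same way reading it from a file would.
my $TAINT = substr($^X, 0, 0);
my %raw = (
    timeout   => [ "1200" . $TAINT ],
    spool_dir => [ "/var/spool/example" . $TAINT ],
    badvalue  => [ "12x00" . $TAINT ],
);

# Hypothetical helper. With a regexp, only the first capture group of a
# matching value is returned and a non-matching value is a hard error.
# Without one, the value is untainted as-is: the config file is trusted.
sub config_untaint {
    my ($name, $re) = @_;
    my @clean;
    for my $value (@{ $raw{$name} || [] }) {
        if (defined $re) {
            $value =~ $re && defined $1
                or die "config '$name': value rejected by validator\n";
            push @clean, $1;
        }
        else {
            $value =~ /\A(.*)\z/s;    # always matches; $1 is untainted
            push @clean, $1;
        }
    }
    return @clean;
}

my $digits = qr/\A(\d{1,6})\z/;
printf "raw timeout tainted: %d\n", tainted($raw{timeout}[0]) ? 1 : 0;

my ($timeout) = config_untaint('timeout', $digits);    # validated
my ($spool)   = config_untaint('spool_dir');           # trusted wholesale
printf "timeout=%s tainted=%d\n", $timeout, tainted($timeout) ? 1 : 0;
printf "spool_dir=%s tainted=%d\n", $spool, tainted($spool) ? 1 : 0;

# A value that fails its validator never reaches the plugin.
eval { config_untaint('badvalue', $digits); 1 } or print "error: $@";
```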
