Thanks for the feedback Anthony,
This feature specifically addresses the points you raise; the feature allows
parameterized queries constructed with structural parts of the query inserted
from configuration variables, so long as the resulting query is a safe-const as
defined by this RFC.
If
Thanks for your feedback, Anthony.
I'll take a few of your points in turn.
With regards to the fact that not all SQL queries are directly
parameterizable, this is true. Structural parts of a query, such as table
names, column names and complex conditions are hard to parameterize with
vanilla
wrote:
All,
On Wed, Aug 5, 2015 at 10:40 AM, Julien Pauli jpa...@php.net wrote:
On Tue, Jul 28, 2015 at 7:33 PM, Matt Tait matt.t...@gmail.com wrote:
Hi all,
I've written an RFC (and PoC) about automatic detection and blocking of
SQL
injection vulnerabilities directly from inside PHP
a response, maybe it's worth it :-)
Craig
--
http://news.php.net/php.internals/87346
From: Matt Tait
Reply: N/A
Original suggestion.
--
http://news.php.net/php.internals/87348
From: Rowan Collins
this (PHPMyAdmin being a good example). Again, this
is only relevant if the website has been explicitly configured to use this
feature.
Matt
On 30 July 2015 at 14:43, Scott Arciszewski sc...@paragonie.com wrote:
On Tue, Jul 28, 2015 at 1:33 PM, Matt Tait matt.t...@gmail.com wrote:
Hi all,
I've written
Hi all,
I've written an RFC (and PoC) about automatic detection and blocking of SQL
injection vulnerabilities directly from inside PHP via automated taint
analysis.
https://wiki.php.net/rfc/sql_injection_protection
In short, we make zend_strings track where their value originated. If it
Hi all,
I'm currently trying to reset my wiki.php.net password so I can propose an
RFC, but unfortunately I'm getting the following error messages when I
reset it via the page https://wiki.php.net/start?do=resendpwd:
! Unable to modify user data. Please inform the Wiki-Admin
!
To develop core security features, security enhancements and performance
enhancements for PHP Core (i.e. the C code for Zend and PHP Core, not PHP
extensions or PHP applications). Initially I'll be focusing on
integrating compiler and security level improvements to PHP binaries.
I have
Hi all,
I'm Matt Tait; a security researcher at Google, and I'm quite interested in
looking at and helping to build new security-related features within PHP;
i.e. features that reduce the likelihood that deployments of PHP end up
being hacked.
In the short term, I'm quite interested in looking
Interested in helping security-audit and add security-related features to PHP
core.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php