David Krings wrote:
> Gary Mort wrote:
>> David Krings wrote:
>>> Exactly! All input is evil, even when it comes from your database
>>> and your script. There is no good reason not to check input each and
>>> every time; there are only bad excuses for not doing it.
>> Well, by that token you should maintain a digital signature of every
>> script that runs, and PHP should check those signatures before
>> running the program.
> <snippy my irrelevant comments>
> But since when are scripts considered input?
If someone can access your database and feed bad data to it, then
someone can access the filesystem and change PHP programs, data files,
or executables. At a certain point you have to decide what aspects to
trust and which ones to verify. Making an informed decision to store a
pre-sanitized bit of data in the database vs. sanitizing it every time is
just that, an informed decision. Not a bad excuse. If you adopt a
strict security-first model (and many companies should do this,
whether or not they do...), then not taking every step possible to
secure the system is a bad excuse.
We also have to make real-world decisions; sanitizing all input from all
sources is the best solution. But if there are performance problems
doing that, then looking into ways to cut down on the processing is one
solution, based on budget for upgrading the server, load balancing, etc.
-Gary
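An added example, not from the thread, of the trade-off Gary describes: the same constructed user-supplied value handled by a store-raw/escape-on-output path and by a store-pre-sanitized path, showing what happens when the pre-sanitized copy is later escaped again or reused outside HTML. The helper `h()` is assumed for this example.

```php
<?php
// Added example, not from the thread. Two ways of handling one user-supplied
// value: store it raw and escape at every output point (the database is
// treated as input), or sanitize once on the way in and trust the stored copy.
declare(strict_types=1);

// Constructed sample input: contains an ampersand and markup.
$raw = 'Tom & Jerry <script>alert(1)</script>';

// HTML-context escaper applied at every output point, regardless of source.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Model A: store raw (what a parameterised INSERT would persist), escape on output.
$storedRaw = $raw;
$outA = h($storedRaw);

// Model B: escape once on input, persist the escaped form, trust it on output.
$storedPre   = h($raw);
$outBTrusted = $storedPre;      // rendered as-is, relying on the earlier escape
$outBDouble  = h($storedPre);   // a later maintainer "checks it again"

// Model B also carries HTML escaping into non-HTML contexts, e.g. a plain-text
// e-mail subject, where the reader sees the literal entities.
$plainText = "Subject: $storedPre";

echo "A (escape on output):    $outA\n";
echo "B (trusted, no escape):  $outBTrusted\n";
echo "B (escaped twice):       $outBDouble\n";
echo "B (plain-text context):  $plainText\n";
// A and B-trusted render identically for HTML. B-escaped-twice shows
// &amp;amp; and &amp;lt;script&amp;gt; literally, and the plain-text line
// shows &amp; and &lt;: the cost of no longer knowing what the stored value is.
```

The rule of thumb this illustrates is that escaping is context-specific, so whichever policy is chosen, it has to be recorded and applied consistently at the boundary it was chosen for.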
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php