Re: [PHP-DEV] [RFC] Block requests to builtin SQL functions where PHP can prove the call is vulnerable to a potential SQL-injection attack

Rowan Collins wrote:

> On 28 July 2015 18:33:31 BST, Matt Tait <matt.tait@gmail.com> wrote:
>> Hi all,
>>
>> I've written an RFC (and PoC) about automatic detection and blocking of SQL
>> injection vulnerabilities directly from inside PHP via automated taint
>> analysis.
>>
>> https://wiki.php.net/rfc/sql_injection_protection
>
> Have you searched the list archive and wiki for previous discussions and prototypes of variable tainting? The idea may well have some legs, but there might be some interesting points from previous discussions to note in your RFC.

FWIW, there is the inactive "Taint support for PHP"[1] RFC.

[1] https://wiki.php.net/rfc/taint

--
Christoph M. Becker


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
