Re: Bug 62479

From: Date: Sun, 19 Jan 2014 20:59:32 +0000
Subject: Re: Bug 62479
Groups: php.internals

Will Fitch wrote:
> On Sun, Jan 19, 2014, at 02:15 AM, Lester Caine wrote:
>> Will Fitch wrote:
>>> Then again, I didn't expect to have a bug where single quotes are part of the password, so there's always a surprise.
>>
>> Leaving holes that can possibly be used by hackers is the problem here. IF someone finds an edge case that does not get handled their next step is to see if it can be exploited? Code review is not a matter of 'surprise' but rather 'what have I missed that could be a problem'?
>
> I agree. However, this is more of a situation of not accounting for all situations as opposed to introducing a security flaw. As I told Stas, I'm going to update to account for beginning/ending quotes.

Many of the edge cases that get missed are quite benign but some of them can be a surprise. It is perhaps a little surprising how some holes can be exploited, even when we thought they were safe :(

--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
