Re: Bug 62479
On Sun, Jan 19, 2014, at 12:59 PM, Lester Caine wrote:
> Will Fitch wrote:
> > On Sun, Jan 19, 2014, at 02:15 AM, Lester Caine wrote:
> >> Will Fitch wrote:
> >>> Then again, I didn't expect to have a bug where single quotes are
> >>> part of the password, so there's always a surprise.
> >>
> >> Leaving holes that can possibly be used by hackers is the problem here.
> >> IF someone finds an edge case that does not get handled their next step
> >> is to see if it can be exploited? Code review is not a matter of
> >> 'surprise' but rather 'what have I missed that could be a problem'?
> > I agree. However, this is more of a situation of not accounting for all
> > situations as opposed to introducing a security flaw. As I told Stas,
> > I'm going to update to account for beginning/ending quotes.
>
> Many of the edge cases that get missed are quite benign but some of them
> can be a surprise. It is perhaps a little surprising how some holes can be
> exploited, even when we thought they were safe :(
Well said. :)
>
> --
> Lester Caine - G8HFL
> -----------------------------
> Contact - http://lsces.co.uk/wiki/?page=contact
> L.S.Caine Electronic Services - http://lsces.co.uk
> EnquirySolve - http://enquirysolve.com/
> Model Engineers Digital Workshop - http://medw.co.uk
> Rainbow Digital Media - http://rainbowdigitalmedia.co.uk