March 29, 2012

tainted foolishness

You enable tainting checks, you hack some code to untaint the input, you run the code and no error message appears: you succeeded.

Did you?

No, of course you didn't: not triggering any tainted data warning (or error) doesn't guarantee that your code is "safe". It doesn't mean you can take untrusted input and handle it correctly. It doesn't mean there are no arbitrary code execution vulnerabilities, no XSS vulns, no SQL injections, you name it.

What does it mean, then? That is left as an exercise for the reader.
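Here is an added example (not from the original post) of the trap the post describes, written for Perl's taint mode, which the post appears to be talking about; the function names `untaint_naive` and `untaint_filename` and the constructed input are mine. Run it as `perl -T taint_demo.pl` so the `-T` on the shebang line takes effect.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed untrusted input. Under -T every value in %ENV is tainted, and
# taint propagates through substr, so appending an empty tainted substring
# gives us a tainted string whose content we control (assumes PATH is set).
my $taint    = substr($ENV{PATH} // '', 0, 0);
my $filename = "report.txt; id" . $taint;

# The classic "untaint" hack: a capture that accepts anything. Perl clears
# the taint flag because a regex capture is the documented untaint mechanism,
# but nothing about the value has been checked.
sub untaint_naive {
    my ($s) = @_;
    my ($clean) = $s =~ /^(.*)$/s;
    return $clean;
}

# Allow-list untaint: only a plain file name is accepted; anything else is
# rejected (undef) instead of being laundered.
sub untaint_filename {
    my ($s) = @_;
    my ($clean) = $s =~ /^([A-Za-z0-9_][A-Za-z0-9_.-]*)$/;
    return $clean;    # undef when the input does not match the allow-list
}

my $naive  = untaint_naive($filename);
my $strict = untaint_filename($filename);

printf "original: tainted=%d value=[%s]\n", tainted($filename) ? 1 : 0, $filename;
printf "naive   : tainted=%d value=[%s]\n", tainted($naive)    ? 1 : 0, $naive;
printf "strict  : %s\n",
    defined $strict
    ? sprintf("tainted=%d value=[%s]", tainted($strict) ? 1 : 0, $strict)
    : "rejected";

# $naive is untainted yet still carries "; id": -T is satisfied and prints no
# error, but passing $naive to system(), open() or a shell would still be an
# injection. The taint flag tracks provenance, not whether the value is safe.
```

The point is that taint mode only reports "this value came from outside and nobody looked at it"; the `(.*)` capture silences that report without doing the looking.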

1 comment:

  1. I take it that you have a large spike attached to the steering wheel of your car, and no seat-belts, to ensure that you concentrate when driving -- is that right?