[nycphp-talk] Injection Attack, any ideas?
bz-gmort at beezifies.com
Sat Nov 17 10:50:35 EST 2007
David Krings wrote:
> Gary Mort wrote:
>> David Krings wrote:
>>> Exactly! All input is evil, even when it comes from your database
>>> and your script. There is no good reason not to check input each and
>>> every time, there are only bad excuses for not doing it.
>>>
>>
>> Well, by that token you should maintain a digital signature of every
>> script that runs, and PHP should check those signatures before
>> running the program.
> <snippy my irrelevant comments>
> But since when are scripts considered input?
If someone can access your database and feed bad data to it, then
someone can access the filesystem and change PHP programs, data files,
or executables. At a certain point you have to decide what aspects to
trust and what ones to verify. Making an informed decision to store a
pre-sanitized bit of data in the database vs. sanitizing it every time is
just that, an informed decision. Not a bad excuse. If you adopt a
strict security-first model (and for many companies they should do this,
whether or not they do....) then to not take every step possible to
secure the system is a bad excuse.

We also have to make real-world decisions; sanitizing all input from all
sources is the best solution. But if there are performance problems
doing that, then looking into ways to cut down on the processing is one
solution, based on budget for upgrading the server, load balancing, etc.
-Gary