FAQ
On Dec 1, 2015 4:50 PM, "Dmitry Stogov" wrote:
>
I think only big arrays coming from external sources should be checked.
I tend to agree here.

We discussed it with Remote last week. I was trying to explain why having a
crafted hash function for inputs may be better and safer. That includes
get/post/env/serialize/json and the likes.

The performance impact for these is most likely minimal for only them while
ensuring a better protection from a long term point of view.

I may be wrong and did not think much more than brainstorming about it. So
take it with a bit of salt :)

Search Discussions

Discussion Posts

Previous

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 30 of 30 | next ›
Discussion Overview
groupphp-internals @
categoriesphp
postedNov 26, '15 at 5:24p
activeDec 1, '15 at 4:41p
posts30
users14
websitephp.net

People

Translate

site design / logo © 2018 Grokbase