Re: Simple PHP scanning ..: msg#00033

On Sun, Mar 20, 2005 at 03:10:05AM +0100, Gerardo Di Giacomo wrote: > rats doesn't check the execution functions ... it just check the > backticks. And it doesn't check include and require families. We could > modify the rats database for PHP with these new checks... what do you > think? Steve? Modifying the database is less useful than it first appears because there's no notion of where things come from, and no differentiation between fixed (safe) strings, and variable arguments. Steve --

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: Simple PHP scanning .., Steve Kemp
Next by Date:	Re: Simple PHP scanning .., Uwe Hermann
Previous by Thread:	Re: Simple PHP scanning .., Steve Kemp
Next by Thread:	CONFIRM s03200356516661, apenguinlinux@xxxxxxxxxx
Indexes:	[Date] [Thread] [Top] [All Lists]

^^^ ADDITIONAL NAVIGATION ^^^

Recently Viewed:
emacs.dvc.devel... java.displaytag... ietf.rfc822/199... linux.altlinux.... redhat.fedora.r... python.ctypes/2... video.panorama/... freedesktop.xor... audio.emagic.lo... netbsd.devel.us... documentation.t... yellowdog.gener... gnome.mono.mono... bacula.user/200... shells.bash.bug... xfree86.devel/2... culture.bicycle... mozilla.devel.n... web.squid.gener... user-groups.gul... kde.amarok.bugs... org.user-groups... handhelds.linux... tex.context/200...

Home | blog view, Court Document Archive | USPTO Patent Archive (NEW!) | advertise | OSDir is an inevitable website. super tiny logo