Re: Bug 62479

From:	Will Fitch	Date:	Sun, 19 Jan 2014 18:06:46 +0000
Subject:	Re: Bug 62479
References:	1 2 3 4 5 6	Groups:	php.internals
Request:	Send a blank email to internals+get-71275@lists.php.net to get a copy of this message

On Sun, Jan 19, 2014, at 02:15 AM, Lester Caine wrote:
> Will Fitch wrote:
> > Then again, I didn't expect to have
> > a bug where single quotes are part of the password, so there's always a
> > surprise.
> 
> Leaving holes that can possibly be used by hackers is the problem here.
> IF 
> someone finds an edge case that does not get handled their next step is
> to see 
> if it can be exploited? Code review is not a matter of 'surprise' but
> rather 
> 'what have I missed that could be a problem'?

I agree.  However, this is more of a situation of not accounting for all
situations as opposed to introducing a security flaw.  As I told Stas,
I'm going to update to account for beginning/ending quotes.

> 
> -- 
> Lester Caine - G8HFL
> -----------------------------
> Contact - http://lsces.co.uk/wiki/?page=contact
> L.S.Caine Electronic Services - http://lsces.co.uk
> EnquirySolve - http://enquirysolve.com/
> Model Engineers Digital Workshop - http://medw.co.uk
> Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
> 
> -- 
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php
> 


   

Thread (12 messages)

• Will FitchSat, 18 Jan 2014 21:54:56 +0000
  • Stas MalyshevSun, 19 Jan 2014 01:45:49 +0000
    • Will FitchSun, 19 Jan 2014 01:52:33 +0000
      • Stas MalyshevSun, 19 Jan 2014 01:57:30 +0000
        • Will FitchSun, 19 Jan 2014 02:52:27 +0000
          • Lester CaineSun, 19 Jan 2014 10:15:14 +0000
            • Will FitchSun, 19 Jan 2014 18:06:46 +0000
              • Lester CaineSun, 19 Jan 2014 20:59:32 +0000
                • Will FitchSun, 19 Jan 2014 21:50:52 +0000
                  • Yasuo OhgakiMon, 20 Jan 2014 01:16:21 +0000
  • Pierre JoyeSun, 19 Jan 2014 08:03:24 +0000
    • Will FitchSun, 19 Jan 2014 18:04:17 +0000