The issue is that PHP does by default. http://foo.com/index.php?bar=baz&biz=boo&anonuser=data
This is true for nearly every PHP application, regardless of which application PHP is serving. The issue is that even the processing to see if we can discard these values already has them stored, and thus the attack has already taken place.
PHP and nearly every other web-application framework in existence.
Yes, MikeWarot, but how would capability-based security help here? In one case you have firmware updates on an embedded device, in another case you have an algorithmic complexity attack. Even if they would have totally prevented the prison PLC exploit, a 1/3 success rate is awfully poor for a "magic bullet".
At least the BDFL has come down on the right side of this one, which means that it will (eventually) get implemented in CPython.