[fpc-devel] Dynamic codepages etc.
Mark Morgan Lloyd
markMLl.fpc-devel at telemetry.co.uk
Thu Dec 11 10:35:37 CET 2014
If my understanding is correct, under certain circumstances FPC now
considers the dynamic codepage of a string and propagates information
across operations.

I wonder whether this would be a good time to introduce some form of
taint marking, i.e. a flag indicating that a string is of external
origin which propagates until a (trusted) function asserts that it's
been fully checked?

(I've been planning to ask this for a few days, but have just noticed
http://hackaday.com/2014/04/04/sql-injection-fools-speed-traps-and-clears-your-record/
which might have been intended as an "April Fool" joke but still makes a
good point.)

--
Mark Morgan Lloyd
markMLl .AT. telemetry.co .DOT. uk
[Opinions above are the author's, not those of his employers or colleagues]
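
The taint flag proposed in the message above, sketched in Free Pascal as an added example; it is not code from FPC or from the poster. The record TTaintedString and the routines Mark, CheckedDigits and RunQuery are hypothetical names, and the sample inputs are constructed.

```pascal
program TaintDemo;
{$mode objfpc}{$H+}
uses SysUtils;
type
  // Hypothetical type: string payload plus an "external origin" flag.
  TTaintedString = record
    Value: string;
    Tainted: Boolean;
  end;

// Wrap a plain string; IsExternal = True marks it as of external origin.
function Mark(const S: string; IsExternal: Boolean): TTaintedString;
begin
  Result.Value := S;
  Result.Tainted := IsExternal;
end;

// Concatenation propagates the flag: tainted if either operand is.
operator + (const A, B: TTaintedString) R: TTaintedString;
begin
  R.Value := A.Value + B.Value;
  R.Tainted := A.Tainted or B.Tainted;
end;

// Trusted checker: the only place where the flag is cleared.
function CheckedDigits(const S: TTaintedString): TTaintedString;
var C: Char;
begin
  if S.Value = '' then raise Exception.Create('rejected: empty input');
  for C in S.Value do
    if not (C in ['0'..'9']) then
      raise Exception.Create('rejected: not all digits');
  Result := Mark(S.Value, False);
end;

// Sink: refuses any string that still carries the flag.
procedure RunQuery(const Q: TTaintedString);
begin
  if Q.Tainted then raise Exception.Create('refused tainted query: ' + Q.Value);
  WriteLn('executing: ', Q.Value);
end;

var Ext: TTaintedString;
begin
  Ext := Mark('1 OR 1=1', True);  // constructed sample of external input
  try RunQuery(Mark('SELECT * FROM t WHERE id = ', False) + Ext);
  except on E: Exception do WriteLn(E.Message); end;
  Ext := Mark('42', True);        // constructed sample of external input
  RunQuery(Mark('SELECT * FROM t WHERE id = ', False) + CheckedDigits(Ext));
end.
```

The first call is refused at the sink because the flag survived concatenation; the second runs because the value passed through the checker first.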