On Wed, 2003-03-26 at 10:39, Antony Dovgal wrote: > On Wed, 26 Mar 2003 01:30:11 -0800 (Pacific Standard Time) > Rasmus Lerdorf <[EMAIL PROTECTED]> wrote: > > > I don't see how it is in any way exploitable. > That's what I wanted to say indeed. > > IMHO it will be much better to move this extension to PECL and to > avoid such articles, having bad influence on PHP's image.
So you are proposing to move sockets to PECL, because the extension will not attract that much interest there and thus the possible security issues will not be revealed so fast? I agree with that up to a certain point, but technically this isn't a great solution: The issues should be fixed *before* moving it to PECL. Otherwise PECL will soon be a hazardous waste site for all sorts of PHP extensions that have more or less severe security problems ;-). - Martin -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
