Sasha suggests that I implement these checks in my script: IMHO that's not
a good strategy.

You guys are probably good programmers, but my experience shows me that the
"standard" PHP developer is not aware of security problems, or he/she does
not have the time to finalize the scripts (time is money...).

So I would like to provide a way to ensure some basic tests are made by PHP
itself!

As an analogy I could talk about the "mod_security" Apache module: it globalizes
some tests before Apache calls the scripts and so minimizes the effort of
the developers who would always take care of user input...

Of course, good programmers always filter entries, but adding another
security level is a good practice too...

I could also say that my patch is a bit like the "safe mode": it is not
perfect at all but, nevertheless, it can be useful!

So, I will enhance the "patch" to make it less restrictive when testing the
IP addresses and think about a strategy to handle AOL-like ISPs...

Cheers,

Jerome

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php