Ilia Alshanetsky wrote:
I make a
decision I'd like to hear some feedback from other developers and users
of PHP on what they think.
Personally, I'd prefer to take filter out entirely from the 5.2 tree.
I would like to see it stay, this extension is the one that will finally
shut the "PHP IS INSECURE" crowd up.
The extension makes sense. The ease of coding PHP has been its greatest
asset and also its greatest flaw. Newbie coders can quickly make
something work and have a PHP/MySQL powered site with little knowledge.
Of course, when it comes to securing these sites these same people are
clueless. When I answer queries on #php (kill me) myself and others are
constantly fighting a battle to tell folks how to do simple things like
validating data from users, use prepared statements etc.
The filter extension will bring a simple interface to these users who
will be able to build more secure applications/sites without having to
write validation classes etc.
What form the extension finally takes is important for the future, but
for most developers out there using this stuff, it is important that it
stays. We can say to prospective clients "PHP has a full array of
security based functions to be sure your applications is <insert
buzzword> ready for real world use.
my $0.02
Kevin
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
