> All it means is extra work for developers with little or no tangible benefits. I also wonder how taint will work with the standard remove/add

Security is a benefit. Of course, the developers that are sure they write secure code anyway need not be bothered by tainting and can leave it off forever.

> The job of a language is to provide tools, not arbitrary crippling limitation under the guise of security improvement.

I agree. Tainting is one of such tools, aimed at improving security.

> safe_mode sounded like a really reasonable idea too, I would've hoped some lessons from past mistakes could be made.

I do not see what exactly you propose to learn from safe mode mistakes - that we should never try to improve PHP security by providing language level tools? I do not see how this can be derived from whatever was wrong with safe mode. It may be that the tainting would not catch but I do not think safe mode problems should prevent us from even trying.
--
Stanislav Malyshev, Zend Products Engineer
[EMAIL PROTECTED] http://www.zend.com/