Richard Lynch wrote:
On Sat, December 16, 2006 7:03 am, Lester Caine wrote:
Of cause many of us never go near the raw database calls anyway, since
we are using frameworks that carry out lot of the security checks at a
generic level - so I see little point adding more checks at a level
that
major projects do not use anyway?
Because some of us don't use the bloated frameworks, often because
those who develop the bloated frameworks didn't do filtering properly,
perhaps because they didn't have a taint mode to notify them that they
were writing sub-standard code.
:-) :-) :-)
The annoying thing is that PHP seems to be becoming the bloatware. PHP4,
PHP5 incompatible versions, PHP6. Perhaps it would be nice to have a
PHPLite that we can work with and add just the bits we need rather than
having to manage updates which on the main add nothing to the
functionality that we are actually using? Having to keep testing and
changing stable frameworks because they are no longer PC is becoming a
full time operation and distracting from improving the operation of
actual code. I've not fully tested 5.2 yet because of lack of time -
taint may tell me where things NOW need to be changed but it's yet
another "You *WILL* do it this way" :(
--
Lester Caine - G8HFL
-----------------------------
L.S.Caine Electronic Services - http://home.lsces.co.uk
Model Engineers Digital Workshop -
http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
