On Tue, December 19, 2006 09:29, Lester Caine wrote: > Robert Cummings wrote: > >> On Tue, 2006-12-19 at 04:54 +0000, Lester Caine wrote: >> >>> Richard Lynch wrote: >>> >>>> On Sat, December 16, 2006 7:03 am, Lester Caine wrote: >>>> >>>>> Of cause many of us never go near the raw database calls anyway, >>>>> since we are using frameworks that carry out lot of the security >>>>> checks at a generic level - so I see little point adding more >>>>> checks at a level that major projects do not use anyway? >>>> Because some of us don't use the bloated frameworks, often because >>>> those who develop the bloated frameworks didn't do filtering >>>> properly, perhaps because they didn't have a taint mode to notify >>>> them that they were writing sub-standard code. :-) :-) :-) >>>> >>> The annoying thing is that PHP seems to be becoming the bloatware. >>> PHP4, >>> PHP5 incompatible versions, PHP6. Perhaps it would be nice to have a >>> PHPLite that we can work with and add just the bits we need rather >>> than having to manage updates which on the main add nothing to the >>> functionality that we are actually using? >> >> Go for it. Compile your own. Mod the source code. This is the power of >> open source. > > If I only had to support my own servers ..... > The problem is ISP's keep uploading the latest official releases and > then we have to fix the faults fast :( PHP is a *SERVICE* that other people > use and that service keeps getting broken - saying "Build your own" has no > relevance what so ever :( Heck this is why PHP4 will never die - and I > never used that.
Ignoring the fact that this is somewhat off-topic, why would ISPs use the Lite version as opposed to the "bloated" version? Their users want features, functions, they want PHP - why settle for the lesser version? If you don't want taint support, because you feel it's bloat, do --without-taint or disable it run-time (?) Personally I'd love taint support, it'd make me feel ten times safer when I code - knowing I didn't output tainted data, that I might output wrongfully untainted data, well that's my problem. // Tom -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
