Zeev Suraski wrote:
As such, I would consider:
- Saying tainting should not be enabled in production (avoid the false
sense of security people might have if they turn on tainting in
production).
- Not necessarily the fastest possible implementation, since it'd be
used for development purposes only.
- Consider making this a compile time option with significant overhead
and a big DO NOT ENABLE IN PRODUCTION, so that people have an even
clearer idea they shouldn't rely on it to find their bugs, and that in
fact it's just a helper tool, not unlike a strong IDE.
We could possibly even come up with a new name other than tainting so
that there is no prior perception as to what this feature is supposed
or not supposed to do.

Now that puts my own concern into the right light!
IPS's should never be running it?
--
Lester Caine - G8HFL
-----------------------------
L.S.Caine Electronic Services - http://home.lsces.co.uk
Model Engineers Digital Workshop -
http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php
--
PHP Internals - PHP Runtime Development Mailing List