Tom Sommer wrote:
> Ignoring the fact that this is somewhat off-topic, why would ISPs use the
> Lite version as opposed to the "bloated" version? Their users want
> features, functions, they want PHP - why settle for the lesser version?
>
> If you don't want taint support, because you feel it's bloat, do
> --without-taint or disable it at run-time (?)
>
> Personally I'd love taint support, it'd make me feel ten times safer when
> I code - knowing I didn't output tainted data. That I might output
> wrongfully untainted data, well, that's my problem.

My concern with taint is that ISPs WILL switch it on in a mistaken
belief that it will help security. It's not simply a matter of *I* can
build it with or without these things. People are using MY stuff with
other ISPs and if it will not work *I* am the one who gets hassled to
fix it - and I've had enough of that already with PHP5 updates!

There have been suggestions about extra configuration .ini's and the
like, but personally I see this as an area where the TOOLS we are
developing with need the improved checking. Keeping them in line with
all the extras being bolted into PHP5 is bad enough. Can't we nail down
PHP5 and look at this topic as part of the PHP6 jump? Alternatively,
taint is a module that has to be installed separately to a standard PHP5
update?

--
Lester Caine - G8HFL
-----------------------------
L.S.Caine Electronic Services - http://home.lsces.co.uk
Model Engineers Digital Workshop -
http://home.lsces.co.uk/ModelEngineersDigitalWorkshop/
Treasurer - Firebird Foundation Inc. - http://www.firebirdsql.org/index.php
--
PHP Internals - PHP Runtime Development Mailing List