As a casual observer of this thread, this was the explanation that
really clarified the prior posts for me.
I think having option 3 (enforcement mode) would be great, however, if
everybody is tripping up on mis-managing expectations then I'd suggest a
play on semantics by calling it something else e.g. 'force filter
attempts'.
Doing this is trivial but how you name it can go a long way to how it is
perceived...not to mention continuing the tradition of great comments in
the php.ini.
--Tony
Zeev Suraski wrote:
Wietse,
What mostly everyone is discussing here in the last few days is really
an issue of perception. If we have mode 3, it means we imply that
enabling magically secures your application, irregardless of whether we
believe that or not.
I don't like mode 3 because I don't want to set expectations that we
know we can't fulfill. Tainting can help you fix certain problems in
your code, and help you create more secure applications. "Helping you
create a more secure app" means we pitch it as a development tool that
helps you - it's a huge difference from saying it in itself increases
the security of applications, which positions it as a safety net that
protects you.
Thankfully, since the implementation is pretty much identical between
mode 2 and 3 (pretty much the difference would be using different error
levels), so we can discuss it again once the implementation is ready.
Zeev
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
