On 11-Jan-07, at 12:11 PM, Alain Williams wrote:
The discussion is how PHP can help them to discover problems in their
scripts. This is what led to Wietse Venema's suggestion about tainting
a few weeks ago. These may be things that members of this forum do not
feel that they need, but the ''quality'' of the majority of PHP
programmers is such that they would be of benefit.
To an extent it is an accolade to PHP that novice/... programmers can
use it to create applications, it just puts a greater burden on us to do
what we can to protect them from their own problems.
The tools already exist, look at E_NOTICE for example. A good number
of PHP exploits are caused by register_globals + un-initialized vars.
If the developers of those apps tried to run their code with that
error reporting method enabled there would be far fewer security bugs
all around.
Ilia Alshanetsky
--
PHP Internals - PHP Runtime Development Mailing List
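
The point about E_NOTICE and register_globals, as an added example that is not part of the original message. The function names and sample requests are constructed, and `extract()` stands in for register_globals, which was removed in PHP 5.4.

```php
<?php
// Added illustration; names and sample requests are hypothetical.
error_reporting(E_ALL);

// Record "Undefined variable" diagnostics instead of printing them.
// PHP 7 and earlier raise them as E_NOTICE; PHP 8 raises E_WARNING.
$diagnostics = [];
set_error_handler(function (int $no, string $msg) use (&$diagnostics) {
    if (($no === E_NOTICE || $no === E_WARNING)
        && stripos($msg, 'undefined variable') === 0) {
        $diagnostics[] = $msg;
    }
    return true; // handled, keep PHP's default output quiet
});

function vulnerable_is_admin(array $request, string $user): bool
{
    extract($request);          // simulates register_globals = On
    if ($user === 'root') {
        $is_admin = true;
    }
    return (bool) $is_admin;    // uninitialized when $user is not root
}

function fixed_is_admin(array $request, string $user): bool
{
    extract($request);          // same simulated environment
    $is_admin = false;          // explicit initialization wins
    if ($user === 'root') {
        $is_admin = true;
    }
    return $is_admin;
}

$benign  = [];                  // constructed: ordinary request
$crafted = ['is_admin' => '1']; // constructed: request-supplied variable

// Ordinary request: the diagnostic fires and points at the bug.
var_dump(vulnerable_is_admin($benign, 'guest'));
// Request-supplied value fills the uninitialized variable, no diagnostic.
var_dump(vulnerable_is_admin($crafted, 'guest'));
// Initialized variable: the request value is overwritten.
var_dump(fixed_is_admin($crafted, 'guest'));

print_r($diagnostics);
```

The diagnostic is raised only on the ordinary request, so it surfaces during normal testing with full error reporting rather than at the moment the variable is supplied from outside.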