Rasmus Lerdorf schrieb: > Adding a check on every refcount increase is a bit > scary for the performance folks. It may be that in most realworld cases > this is an acceptable performance tradeoff. We have to balance the > seriousness of the vulnerability against the performance cost of the > fix.
Sorry, but I don't agree with you. You have to think about people, who are concerned in performance. Performance is relevant in big web applications. And I think, that in such big applications security is one of the most important things. I think, no responsible person would decide to use php for a performance critical application when he/she knows, that there is a security leak. In this way, I'm sure, that security is more important. Mathias -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
