On 12/29/11 2:42 PM, "Pierre Joye" <pierre....@gmail.com> wrote:
>On Thu, Dec 29, 2011 at 2:12 PM, Tom Worster <f...@thefsb.org> wrote: > >> Fair points but not germane to my main argument: I proposed that the >>base >> PHP API should allow the PHP programmer uniform access to the system's >>CS >> random byte source, which is CryptDevRandom on Windows. My proposal was >> countered by pointing out ways the runtime environment can be configured >> to provide access. I responded to that with the claim that the PHP >> programmer sometimes has no control over the runtime environment. I >> believe this should not prevent her from delivering portable, quality >> code. It is often somebody else's job to secure the runtime environment. > >You misunderstood my statements. They were about fixing some mistakes >you made in your initial posts and about showing that these features >are already available right now in any sane environments. Thanks for the clarification. >About having standard functions to do that is indeed a good thing, >while they won't rely on other methods and we are certainly not going >to reinvent the wheel to provide CS entropy sources out of the blue on >any supported platforms. That would be a mistake, almost like what >safe mode was. I completely agree. A programmer might resort to direct attempts to gather entropy as a last resort in a desperate situation. But this is certainly not PHP's job. Tom -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
