+1

Not certain about a better solution, but there are other methods of encrypting and decrypting session data. In a recent project I have been tasked with implementing a PDO stored procedure using MySQL's AES functionality, which works well with or without the patch. In a lot of ways I think that is the benefit of any programming language. The tools exist, implement them right?
Jas

On Feb 4, 2012, at 10:21 AM, John Crenshaw <johncrens...@priacta.com> wrote:

> OK, All the mud slinging is getting really silly (on *both* sides). There's no need to denigrate others because you don't agree with them. There's no point in arguing about who isn't a team player or who works for which evil multinational corporation. Nobody is attacking anybody else by suggesting that Suhosin is or is not critical, and none of that really matters anyway.
>
> I may have missed something, but has anyone asked *why* the patch was disabled? I think I could make a good guess, but I haven't seen even the slightest hint of the actual reasons in this email chain (though I could easily have missed it entirely).
>
> IMO we should try to focus on:
> 1. What are the pros vs. cons of enabling the Suhosin patch by default?
> 2. Why did the Debian team opt to disable it?
> 3. Are there better solutions that should be considered and recommended?
>
> John Crenshaw
> Priacta, Inc.
>
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php