Hi,

2012/4/12 Yasuo Ohgaki <yohg...@ohgaki.net>:
> Hi,
>
> 2012/4/12 Chris Stockton <chrisstockto...@gmail.com>:
>> Hello,
>>
>> On Wed, Apr 11, 2012 at 4:42 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
>>>
>>> Making sure how it behaves.
>>> include $_GET['filename'];
>>> gave free pass to system, right?
>>>
>>> Regards,
>>>
>>
>> Why on earth do you insist on continually posting that horrid snippet
>> of code lol? I can't help but to laugh and suspect that at this point
>> you are trolling.. In case you are being serious, "include
>> $_GET['filename'];" is _HORRIBLE_. It's _WRONG_. No one should do it.
>> _EVER_. For any reason. If a developer is wise enough to use your
>> corner case proposed fix to circumvent the "attack type" (aka
>> developer negligence), he is wise enough to come up with a CORRECT
>> solution.
>
> It seems you are not familiar with real world security.
> All security issues are WRONG and/or MISTAKES and no one
> should ever do. If security issues could go away by telling
> no one should, there will be no incidents.
>
> Would let us show how could you teach and enforce self learning
> teenagers, students, designers or anyone else?
>
> How could you stop VPS/Share Server users stop using WRONG
> code from internet?
>
> I suppose you do have good methodology than I have.
>

BTW, I'm asking him to make sure since I've written his RFC does
not address this issue. So please don't bother if you have nothing
useful to say.

Regards,

--
Yasuo Ohgaki

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php