Hello,
> One thing though that I thought about: Chapter 4 of RFC 3062 explicitly
> states that this function should only be available with confidentiality
> support like TLS. So perhaps we should check whether the data will be
> transferred via a secure connection and - if not - raise an error?

Hum, I get the idea, but is that really our place? I mean, the API won’t prevent you from storing passwords without hashing, for instance. And people can use ldap_modify to change the password without TLS, which is equally dangerous IMO. For me it should be possible, and useful at least for tests.

Preferring TLS is good, but is TLS also required on internal networks (e.g. docker)?

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
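
The check debated above, done on the caller's side instead of inside the extension (an added example, not part of the thread or of PHP's ldap extension). It assumes the function under discussion is `ldap_exop_passwd()`; the wrapper name `changePasswordSecurely()` and its `$allowCleartext` opt-out for test setups are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: run the RFC 3062 Password Modify extended operation
 * only over ldaps:// or after a successful StartTLS, unless the caller
 * explicitly opts out (for example a test against a local server).
 */
function changePasswordSecurely(
    string $uri,                  // "ldaps://host" or "ldap://host"
    string $userDn,
    string $oldPassword,
    string $newPassword,
    bool $allowCleartext = false  // assumption: opt-out flag for test setups
): void {
    // Ask libldap to verify the server certificate; without this, TLS
    // protects against passive sniffing only. Must be set before connecting.
    ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

    $ldap = ldap_connect($uri);
    if ($ldap === false) {
        throw new RuntimeException("Invalid LDAP URI: $uri");
    }
    // Extended operations and StartTLS both require LDAPv3.
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);

    $scheme = strtolower((string) parse_url($uri, PHP_URL_SCHEME));
    if ($scheme !== 'ldaps' && !$allowCleartext) {
        // Plain ldap://: upgrade the connection before any secret is sent.
        if (!@ldap_start_tls($ldap)) {
            throw new RuntimeException(
                'Refusing to send passwords without TLS: ' . ldap_error($ldap)
            );
        }
    }

    // The bind also carries the old password, so it comes after the TLS check.
    if (!@ldap_bind($ldap, $userDn, $oldPassword)) {
        throw new RuntimeException('Bind failed: ' . ldap_error($ldap));
    }
    if (ldap_exop_passwd($ldap, $userDn, $oldPassword, $newPassword) === false) {
        throw new RuntimeException('Password change failed: ' . ldap_error($ldap));
    }
    ldap_unbind($ldap);
}
```

The same guard applies unchanged to a password change made through `ldap_modify`, since the bind and the new value cross the same connection.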