On 5/5/05, Gaal Yahas <[EMAIL PROTECTED]> wrote: > On Thu, May 05, 2005 at 01:32:56AM -0600, Luke Palmer wrote: > > And I don't think arguing in the name of "security" for the default > > case is going to buy us anything. Security doesn't come in scripts in > > any language for free; you have to walk through every line that sees > > the outside world and ask "is there any way somebody could exploit > > this?". And a "-" handler would be one of the things you'd have to > > routinely write, just like making sure they're not opening "; rm -rf > > /". > > Why are you scare-quoting something I never said?
I'm scare-quoting everything today for some reason. Sorry. The issue has come up before, and one of the main arguments was "it's more secure that way", which made so little sense, I thought that I'd argue against it again. Or something. Luke
