As it won't be accepted into the main tree, if it were possible to write
your patch as a self-contained PHP extension, then you could develop it in
PECL. I haven't taken a look at the code to see if that's possible.
Andi
At 10:09 AM 4/8/2004 +0200, inodes wrote:
It is obvious my proposal is cons
It is obvious my proposal is considered as a very bad idea to most of view
;-)
But my goal is not to ask for a definitive patch for PHP, so I probably made
a mistake by posting the initial message in this mailing list...
I just offer this patch for admins who manage applications developed by
oth
On Apr 7, 2004, at 9:48 PM, Jochem Maas wrote:
Sean Coates wrote:
While I like that your patch can be turned on and off in the INI,
this sounds much more like an application-level problem, and thus
should be implemented at the application level.
Loads of people have actually put stuff out that
Sean Coates wrote:
While I like that your patch can be turned on and off in the INI, this
sounds much more like an application-level problem, and thus should be
implemented at the application level.
Loads of people have actually put stuff out that does this...
^
|
Other tests cou
Derick Rethans wrote:
PHP's generated from remote ID, process id, time and some randomness;
and then MD5'ed. That's 'better' than your random/MD5 based approach as
it's even less likely to result in collisions.
How can you tell without knowing what my source of random data is? And
no, I'm not worr
On Wed, 7 Apr 2004, Chris Shiflett wrote:
> --- Christian Schneider <[EMAIL PROTECTED]> wrote:
> > I decided to say "If X knows the session ID of User A then he _is_ A".
>
> This isn't a good approach, but you can bring this up on php-general to
> discuss why. I'm sure plenty of people will be hap
--- Christian Schneider <[EMAIL PROTECTED]> wrote:
> I decided to say "If X knows the session ID of User A then he _is_ A".
This isn't a good approach, but you can bring this up on php-general to
discuss why. I'm sure plenty of people will be happy to discuss it.
> (Side note: I use my own random
Inodes wrote:
You guys are probably good programmers, but my experience shows me that the
"standard" PHP developer is not aware of security problems or he/she has
not the time to finalize the scripts (time is money...).
The problem with your patch is twofold:
1) It breaks for some users under rare
While I like that your patch can be turned on and off in the INI, this
sounds much more like an application-level problem, and thus should be
implemented at the application level.
MHO.
S
inodes wrote:
I agree with all your arguments: the IP-based solution IS NOT perfect.
It is not generic enou
Sasha suggests me to implement these checkings in my script: IMHO that's not
the good strategy.
You guys are probably good programmers, but my experience shows me that the
"standard" PHP developer is not aware of security problems or he/she has
not the time to finalize the scripts (time is money.
> It is not generic enough to be implemented in world-wide application, but it
> can be useful for intranet or extranets. That's to say cases when you know
> the infrastructure used by the clients to connect to your server support
> this strategy.
If you want this feature, implement it in you
I agree with all your arguments: the IP-based solution IS NOT perfect.
It is not generic enough to be implemented in world-wide application, but it
can be useful for intranet or extranets. That's to say cases when you know
the infrastructure used by the clients to connect to your server support
th
12 matches