Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:120719
Return-Path: <danack@basereality.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 65704 invoked from network); 29 Jun 2023 17:08:14 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 29 Jun 2023 17:08:14 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id C777D1804AC
	for <internals@lists.php.net>; Thu, 29 Jun 2023 10:08:13 -0700 (PDT)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <danack@basereality.com>
Received: from mail-ed1-f51.google.com (mail-ed1-f51.google.com [209.85.208.51])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature ECDSA (P-256) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Thu, 29 Jun 2023 10:08:13 -0700 (PDT)
Received: by mail-ed1-f51.google.com with SMTP id 4fb4d7f45d1cf-51d80c5c834so1576334a12.1
        for <internals@lists.php.net>; Thu, 29 Jun 2023 10:08:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=basereality-com.20221208.gappssmtp.com; s=20221208; t=1688058492; x=1690650492;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=ToqEfROPLdPRcrqbYEBS/iIlhS7O3cTEg3W9T66nYyc=;
        b=utTkjcqEhNX4OB6UP5Tl+edLsCIigP9RH+6fT49ZlPj7bUqnAkqpKxuzVUiybFTv0k
         F34iR17eyrtwyYpLSGqE8VbHJBhqakmbd2Z/pXtQmp++0hDmuPrKbAcWt/MDpzcaQctg
         bkqse1p29xHA2EbzKHwCTHqNWEIOjCHNyjdfh1u1Ct9wotF+r42/avfN07QI2ZjYQjlx
         WLHktQoVgNKBp/RA7VAe13TLVFzF9f2QSJOypFYcUcmBLCSUUcZiz08P9+7cxETVEn1K
         ybSKRTXIZWSxKZ0ZGilOkNNX7kZ+kze4GsYoyEhiTdaZk/inOniXaxVSF97TobfTM8Cn
         Df5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1688058492; x=1690650492;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ToqEfROPLdPRcrqbYEBS/iIlhS7O3cTEg3W9T66nYyc=;
        b=gEbc73oyWGBbkUgBwar49bZ2e2l1lv0w/m1TH7Ot83oxpbtaWu8Pnam3FZKcEc+K6S
         ByPJdkg9E8Dq8dMjL7e7s1v0RgK8Jdt96Mf75/ItcCTr4HPkl4zY2s3qPJXw82KCXoRp
         7rPY15M/BuN9/o1ZQdBSgvM9cGvQ0KgPjQX7VxXcrnx2mS8vJIVVSttnhalKr0LRdtAd
         XZBpwIEzMqJFYA+XebdLQRMYytJm2kDtDcqJZtZmewXLg32xrsk+d9fsvYWzxGvOtE35
         EvEAsjoTOjfI3QOGdTO/e6bw6rE98qK6NBl6BVGAdvnIqgggTmmzrCu/5rubZCZQxmwc
         nzPw==
X-Gm-Message-State: AC+VfDxrVxgIvUj3IFIFjqcwerRwtNbAszj4ijxNrO3i7Oki0Tybxq5B
	gr0+/a71gp3NWnF9ZtUB3wBmHTvUzcNOyTYEgxAOlLI8zidQYWNom8g=
X-Google-Smtp-Source: ACHHUZ7oVBmdM17hyXaaKa7novSPaxLmyklbN6ar+OUEyreUEaKYfgY2PbDKvCI9DrVgg2Pw+Pvh54f1rx5KF9uUsqU=
X-Received: by 2002:a05:6402:4302:b0:51a:409f:a0bd with SMTP id
 m2-20020a056402430200b0051a409fa0bdmr5208826edc.19.1688058491564; Thu, 29 Jun
 2023 10:08:11 -0700 (PDT)
MIME-Version: 1.0
References: <CA+kxMuTccYGT7fH+8u7N+iZtFzd3yZviu+1_+Afs01YvE5YvQg@mail.gmail.com>
 <20230629123944.35fc71a7@platypus>
In-Reply-To: <20230629123944.35fc71a7@platypus>
Date: Thu, 29 Jun 2023 18:08:00 +0100
Message-ID: <CA+kxMuQY-DZLHoYuzB8VbqZ+qtEonc5QHtp9xhHRWtM6K+mLwA@mail.gmail.com>
To: BohwaZ <php@bohwaz.net>
Cc: internals@lists.php.net
Content-Type: text/plain; charset="UTF-8"
Subject: Re: [PHP-DEV] PDO Subclasses coming to vote soon.
From: Danack@basereality.com (Dan Ackroyd)

On Thu, 29 Jun 2023 at 11:40, BohwaZ <php@bohwaz.net> wrote:
>
> I'm sorry to disagree, but changing this would be a bad idea for
> security.
>
> I'm quite sure that I never want users to be able to load any
> extension through SQL, or it would mean trouble :(
>
> So just like in the SQLite3 extension, extension loading should be
> limited to using the PHP method, not SQL.

Yes?

I think you possibly misread my email.

Danack wrote:
>
> As that means that SQLite extensions can only be loaded through C code
> (not through SQL),

aka the Sqlite people improved the api around extension loading since
it was implemented in the Sqlite3 extension
https://www.sqlite.org/c3ref/load_extension.html

So the only way to load an extension would be through the PHP
loadExtension method, it wouldn't be possible to load one through SQL.

> it would be great to also have

Sorry, I am in too much pain to look at those before the deadline.
There is always 8.4 https://www.youtube.com/watch?v=wccRif2DaGs .

cheers
Dan
Ack