Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:15381
Return-Path: <danielc@analysisandsolutions.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 29553 invoked by uid 1010); 11 Mar 2005 21:37:13 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 29537 invoked from network); 11 Mar 2005 21:37:13 -0000
Received: from unknown (HELO korea.com) (127.0.0.1)
  by localhost with SMTP; 11 Mar 2005 21:37:13 -0000
X-Host-Fingerprint: 166.84.1.74 mail3.panix.com NetBSD 1.6Z (DF)
Received: from ([166.84.1.74:49600] helo=mail3.panix.com)
	by pb1.pair.com (ecelerity HEAD r(5124)) with SMTP
	id 77/44-31540-98F02324 for <internals@lists.php.net>; Fri, 11 Mar 2005 16:37:13 -0500
Received: from panix5.panix.com (panix5.panix.com [166.84.1.5])
	by mail3.panix.com (Postfix) with ESMTP id CC855981E1
	for <internals@lists.php.net>; Fri, 11 Mar 2005 16:37:10 -0500 (EST)
Received: (from analysis@localhost)
	by panix5.panix.com (8.11.6p3/8.8.8/PanixN1.1) id j2BLbA017944
	for internals@lists.php.net; Fri, 11 Mar 2005 16:37:10 -0500 (EST)
Date: Fri, 11 Mar 2005 16:37:10 -0500
To: PHP Internals List <internals@lists.php.net>
Message-ID: <20050311213710.GA29902@panix.com>
References: <4231F330.6000705@prohost.org> <20050311212223.GA10370@panix.com> <42320D59.6010507@prohost.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <42320D59.6010507@prohost.org>
User-Agent: Mutt/1.4.2.1i
Subject: Re: [PHP-DEV] HALT Patch
From: danielc@analysisandsolutions.com (Daniel Convissor)

Hi Ilia:

On Fri, Mar 11, 2005 at 04:27:53PM -0500, Ilia Alshanetsky wrote:

> The data will not be parsed or output. When you need it you would make 
> the script open itself and read the (binary) data dump from the end of 
> the file and use it various creative ways.

Interesting.  I'm wondering about the security implications of this.  
This makes it very easy to use PHP as a means to propogate all sorts of 
nasty things.  Well, people could even do that today in one script by 
setting a variable to a base64 encoded string then decoding it.  None the 
less, putting binary data in PHP scripts gives me pause.

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
            data intensive web and database programming
                http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409