Newsgroups: php.internals
From: ilia@prohost.org (Ilia Alshanetsky)
To: Daniel Convissor
CC: PHP Internals List
Date: Fri, 11 Mar 2005 16:43:21 -0500
Message-ID: <423210F9.905@prohost.org>
In-Reply-To: <20050311213710.GA29902@panix.com>
Subject: Re: [PHP-DEV] HALT Patch

Daniel Convissor wrote:
> Interesting. I'm wondering about the security implications of this.
> This makes it very easy to use PHP as a means to propagate all sorts of
> nasty things.

You can already use PHP to propagate all sorts of nasty things; nothing changes in this respect.

> Well, people could even do that today in one script by
> setting a variable to a base64 encoded string then decoding it.

Sure, BUT this approach makes the final file approximately %30 larger and any time it is executed this "data dump", as I like to refer to it, will be parsed and stored in memory. Which makes this approach highly inefficient.

Ilia