Newsgroups: php.internals
Date: Fri, 11 Mar 2005 17:14:40 -0500
From: danielc@analysisandsolutions.com (Daniel Convissor)
To: PHP Internals List
Subject: Re: [PHP-DEV] HALT Patch
Message-ID: <20050311221440.GA12230@panix.com>
In-Reply-To: <423210F9.905@prohost.org>
References: <4231F330.6000705@prohost.org> <20050311212223.GA10370@panix.com> <42320D59.6010507@prohost.org> <20050311213710.GA29902@panix.com> <423210F9.905@prohost.org>

On Fri, Mar 11, 2005 at 04:43:21PM -0500, Ilia Alshanetsky wrote:
> Daniel Convissor wrote:
> >Interesting. I'm wondering about the security implications of this.
> >This makes it very easy to use PHP as a means to propagate all sorts of
> >nasty things.
>
> You can already use PHP to propagate all sorts of nasty things, nothing
> changes in this respect.
>
> >Well, people could even do that today in one script by
> >setting a variable to a base64 encoded string then decoding it.
>
> Sure, BUT this approach makes the final file approximately %30 larger
... snip...

No doubt. My second point was more to diminish my initial assertion, not
to diminish the validity of your patch.

Thanks,

--Dan

-- 
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 data intensive web and database programming
 http://www.AnalysisAndSolutions.com/
 4015 7th Ave #4, Brooklyn NY 11232  v: 718-854-0335 f: 718-854-0409