Newsgroups: php.internals
From: kevin@oceania.net (Kevin Waterson)
Date: Fri, 29 Sep 2006 16:45:18 +1000
Subject: Re: [PHP-DEV] Filter Vote
To: PHPdev Mailing List
Message-ID: <451CC0FE.4030702@oceania.net>
In-Reply-To: <9D21C7F4-5269-47C2-B574-F563B378A4CF@prohost.org>

Ilia Alshanetsky wrote:
> I make a decision I'd like to hear some feedback from other developers
> and users of PHP on what they think.
> Personally, I'd prefer to take filter out entirely from the 5.2 tree.

I would like to see it stay; this extension is the one that will finally shut the "PHP IS INSECURE" crowd up. The extension makes sense. The ease of coding PHP has been its greatest asset and also its greatest flaw. Newbie coders can quickly make something work and have a PHP/MySQL powered site with little knowledge. Of course, when it comes to securing these sites, these same people are clueless.

When I answer queries on #php (kill me), myself and others are constantly fighting a battle to tell folks how to do simple things like validating data from users, using prepared statements, etc. The filter extension will bring a simple interface to these users, who will be able to build more secure applications/sites without having to write validation classes etc.

What form the extension finally takes is important for the future, but for most developers out there using this stuff, it is important that it stays. We can say to prospective clients "PHP has a full array of security-based functions to be sure your application is ready for real world use."

my $0.02
Kevin