Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:27014
Return-Path: <stas@zend.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 29304 invoked by uid 1010); 16 Dec 2006 00:25:05 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 29288 invoked from network); 16 Dec 2006 00:25:05 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Dec 2006 00:25:05 -0000
Authentication-Results: pb1.pair.com smtp.mail=stas@zend.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=stas@zend.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.162 as permitted sender)
X-PHP-List-Original-Sender: stas@zend.com
X-Host-Fingerprint: 212.25.124.162 mail.zend.com Linux 2.5 (sometimes 2.4) (4)
Received: from [212.25.124.162] ([212.25.124.162:25621] helo=mail.zend.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id BA/88-10210-99C33854 for <internals@lists.php.net>; Fri, 15 Dec 2006 19:24:30 -0500
Received: (qmail 9316 invoked from network); 16 Dec 2006 00:22:21 -0000
Received: from office.zend.office (HELO ?127.0.0.1?) (192.168.16.109)
  by internal.zend.office with SMTP; 16 Dec 2006 00:22:21 -0000
Message-ID: <45833C93.4020909@zend.com>
Date: Fri, 15 Dec 2006 16:23:47 -0800
Organization: Zend Technologies
User-Agent: Thunderbird 1.5.0.8 (Windows/20061025)
MIME-Version: 1.0
To: Ilia Alshanetsky <ilia@prohost.org>
CC: PHP internals <internals@lists.php.net>
References: <20061215201448.B16D8BC1AB@spike.porcupine.org> <7AE00699-23C2-4759-A50C-3D94199DA85A@prohost.org> <45831090.1000704@zend.com> <18A7CF93-7BFD-4764-847D-6C107A62875E@prohost.org> <45831A87.6050301@zend.com> <EED341E1-CC7E-4573-BF76-1EE50B01C7A1@prohost.org> <45832B9B.2080109@zend.com> <8BC86061-CCC5-45C3-8C40-92B06ADBB117@prohost.org> <45832F71.2080503@zend.com> <7C8CB695-3E81-4009-9699-2499DBF7B366@prohost.org> <4583375C.5060302@zend.com> <2F093E93-7021-4C0F-A391-A99CBF080596@prohost.org>
In-Reply-To: <2F093E93-7021-4C0F-A391-A99CBF080596@prohost.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Run-time taint support proposal
From: stas@zend.com (Stanislav Malyshev)


> Something that most servers do (almost 80% by recent stats).
> http://www.nexen.net/images/stories/phpinfos/display_errors.png

You mean "most of the servers that allow strangers to read their 
phpinfo()"? I'm not surprised. You think if they expose their phpinfo 
you can make it worse by seeing script path in error message?

-- 
Stanislav Malyshev, Zend Products Engineer
stas@zend.com  http://www.zend.com/