Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:27030
Return-Path: <iliaal@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 76751 invoked by uid 1010); 16 Dec 2006 02:14:25 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 76736 invoked from network); 16 Dec 2006 02:14:25 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 16 Dec 2006 02:14:25 -0000
Authentication-Results: pb1.pair.com header.from=iliaal@gmail.com; sender-id=pass; domainkeys=good
Authentication-Results: pb1.pair.com smtp.mail=iliaal@gmail.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 72.14.214.230 as permitted sender)
DomainKey-Status: good
X-DomainKeys: Ecelerity dk_validate implementing draft-delany-domainkeys-base-01
X-PHP-List-Original-Sender: iliaal@gmail.com
X-Host-Fingerprint: 72.14.214.230 hu-out-0506.google.com  
Received: from [72.14.214.230] ([72.14.214.230:30105] helo=hu-out-0506.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 60/41-10210-A3653854 for <internals@lists.php.net>; Fri, 15 Dec 2006 21:13:50 -0500
Received: by hu-out-0506.google.com with SMTP id 20so26380huc
        for <internals@lists.php.net>; Fri, 15 Dec 2006 18:13:12 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
        s=beta; d=gmail.com;
        h=received:in-reply-to:references:mime-version:content-type:message-id:cc:content-transfer-encoding:from:subject:date:to:x-mailer:sender;
        b=fdOI0Y8YWIjOmp/kh9jH11cRP6mWHyEJ+NL+2QKpWhq5ODvnvdt+kGO/t861q40MDarcxUOGO1PnmCtlxTm0haZaTkwWKyu+KlSeW5Er3JBQEqL17RIP82pqOfVe4WOjurNdrIjsONeQqJbIJt5tQyKpG4P30M94y4crsKobh+4=
Received: by 10.48.216.8 with SMTP id o8mr848127nfg.1166235191544;
        Fri, 15 Dec 2006 18:13:11 -0800 (PST)
Received: from ?192.168.1.5? ( [74.108.69.82])
        by mx.google.com with ESMTP id z73sm17244120nfb.2006.12.15.18.13.09;
        Fri, 15 Dec 2006 18:13:10 -0800 (PST)
In-Reply-To: <45833C93.4020909@zend.com>
References: <20061215201448.B16D8BC1AB@spike.porcupine.org> <7AE00699-23C2-4759-A50C-3D94199DA85A@prohost.org> <45831090.1000704@zend.com> <18A7CF93-7BFD-4764-847D-6C107A62875E@prohost.org> <45831A87.6050301@zend.com> <EED341E1-CC7E-4573-BF76-1EE50B01C7A1@prohost.org> <45832B9B.2080109@zend.com> <8BC86061-CCC5-45C3-8C40-92B06ADBB117@prohost.org> <45832F71.2080503@zend.com> <7C8CB695-3E81-4009-9699-2499DBF7B366@prohost.org> <4583375C.5060302@zend.com> <2F093E93-7021-4C0F-A391-A99CBF080596@prohost.org> <45833C93.4020909@zend.com>
Mime-Version: 1.0 (Apple Message framework v752.3)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-ID: <87774C2D-1959-459A-B892-F2F6F6A5C676@prohost.org>
Cc: PHP internals <internals@lists.php.net>
Content-Transfer-Encoding: 7bit
Date: Fri, 15 Dec 2006 21:13:02 -0500
To: Stanislav Malyshev <stas@zend.com>
X-Mailer: Apple Mail (2.752.3)
Sender: Ilia Alshanetsky <iliaal@gmail.com>
Subject: Re: [PHP-DEV] Run-time taint support proposal
From: ilia@prohost.org (Ilia Alshanetsky)


On 15-Dec-06, at 7:23 PM, Stanislav Malyshev wrote:

>
>> Something that most servers do (almost 80% by recent stats).
>> http://www.nexen.net/images/stories/phpinfos/display_errors.png
>
> You mean "most of the servers that allow strangers to read their  
> phpinfo()"? I'm not surprised. You think if they expose their  
> phpinfo you can make it worse by seeing script path in error message?

It is not just the phpinfo() servers, it is very much a common case I  
assure you.

Ilia Alshanetsky