Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:27032 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 89561 invoked by uid 1010); 16 Dec 2006 02:34:32 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 89546 invoked from network); 16 Dec 2006 02:34:32 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 16 Dec 2006 02:34:32 -0000 Authentication-Results: pb1.pair.com header.from=stas@zend.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=stas@zend.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain zend.com designates 212.25.124.162 as permitted sender) X-PHP-List-Original-Sender: stas@zend.com X-Host-Fingerprint: 212.25.124.162 mail.zend.com Linux 2.5 (sometimes 2.4) (4) Received: from [212.25.124.162] ([212.25.124.162:60972] helo=mail.zend.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id E4/93-10210-73B53854 for ; Fri, 15 Dec 2006 21:34:32 -0500 Received: (qmail 27269 invoked from network); 16 Dec 2006 02:32:58 -0000 Received: from office.zend.office (HELO ?127.0.0.1?) (192.168.16.109) by internal.zend.office with SMTP; 16 Dec 2006 02:32:58 -0000 Message-ID: <45835ABE.5040909@zend.com> Date: Fri, 15 Dec 2006 18:32:30 -0800 Organization: Zend Technologies User-Agent: Thunderbird 1.5.0.8 (Windows/20061025) MIME-Version: 1.0 To: Ilia Alshanetsky CC: PHP internals References: <20061215201448.B16D8BC1AB@spike.porcupine.org> <7AE00699-23C2-4759-A50C-3D94199DA85A@prohost.org> <45831090.1000704@zend.com> <18A7CF93-7BFD-4764-847D-6C107A62875E@prohost.org> <45831A87.6050301@zend.com> <45832B9B.2080109@zend.com> <8BC86061-CCC5-45C3-8C40-92B06ADBB117@prohost.org> <45832F71.2080503@zend.com> <7C8CB695-3E81-4009-9699-2499DBF7B366@prohost.org> <4583375C.5060302@zend.com> <2F093E93-7021-4C0F-A391-A99CBF080596@prohost.org> <45833C93.4020909@zend.com> <87774C2D-1959-459A-B892-F2F6F6A5C676@prohost.org> In-Reply-To: <87774C2D-1959-459A-B892-F2F6F6A5C676@prohost.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: [PHP-DEV] Run-time taint support proposal From: stas@zend.com (Stanislav Malyshev) > It is not just the phpinfo() servers, it is very much a common case I > assure you. Well, people leaving such things in their servers should deal with it first, then get to talk about real security :) No solution can help a person who deliberately configures his server wide open. We are talking about people that _try_ to do it secure and we may help them. For those who even doesn't try, well... -- Stanislav Malyshev, Zend Products Engineer stas@zend.com http://www.zend.com/