Newsgroups: php.internals
From: stas@zend.com (Stanislav Malyshev)
Organization: Zend Technologies
To: Ilia Alshanetsky
CC: PHP internals
Date: Sun, 17 Dec 2006 01:24:56 -0800
Subject: Re: [PHP-DEV] Run-time taint support proposal

> someone created it for debugging and forgot to remove and the search
> engine stumbled across it. It happens.

OK, I was overreaching. But the main point stays - problems of configuration are rarely solvable by automatic means, rather by education and choosing better defaults. If you run a site in debug configuration, there's little we can do - debug configuration is _supposed_ to reveal information. However, there's a bunch we could do about errors of omission - e.g. people just not doing stuff which they should do because they forget or didn't check their code thoroughly enough. That is as if we had a switch that says "production mode" which could filter out all info that could be potentially dangerous, etc. - it would help such phpinfo() people, if we solve the chicken and egg problem of having them actually turn the switch on :) BTW, maybe an idea to think about too :)

> I am saying that you should not try to outsmart the developer because
> you assume you know best.

Well, if you don't take me personally - I certainly don't - but collective judgment of the PHP group - that to some measure that is the way, we try to guess what developers need and steer the language accordingly. There's no way of not doing it - you always make choices to do or not to do a certain feature and how to do it.

-- 
Stanislav Malyshev, Zend Products Engineer
stas@zend.com http://www.zend.com/