Newsgroups: php.internals
Date: Thu, 11 Jan 2007 16:25:45 +0000
To: Alain Williams
Cc: Stefan Esser, Rasmus Lerdorf, internals@lists.php.net, kel@securityfocus.com
Message-ID: <20070111162545.GM26328@arvo.suso.org>
In-Reply-To: <20070111161731.GB15998@mint.phcomp.co.uk>
Subject: Re: [PHP-DEV] Comments on PHP security
From: mark@suso.org (Mark Krenz)

On Thu, Jan 11, 2007 at 04:17:31PM GMT, Alain Williams [addw@phcomp.co.uk] said the following:
> On Thu, Jan 11, 2007 at 05:04:30PM +0100, Stefan Esser wrote:
>
> > PS: Stop the "We are secure" marketing and face reality
>
> More to the point: ''We might be secure because we are careful experienced programmers'',
> however many of those who write in PHP are not careful and/or experienced, we should
> be looking to help those people - there are more of them than there are of us.
>

And for the programmers that write programs that require safe mode to be off or don't provide a provision for having it on. STOP telling your users things like "If your webhost has safe mode on then they suck". Safe mode is the only way to get around certain situations. Get a clue. You know who you are.

Somehow I doubt any of these said programmers are on this list. Shame.

Mark

--
Mark S. Krenz
IT Director
Suso Technology Services, Inc.
http://suso.org/