Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:29337 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 10935 invoked by uid 1010); 8 May 2007 14:45:52 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 10905 invoked from network); 8 May 2007 14:45:52 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 8 May 2007 14:45:52 -0000 Authentication-Results: pb1.pair.com header.from=marauder@tiscali.it; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=marauder@tiscali.it; spf=unknown; sender-id=unknown Received-SPF: unknown (pb1.pair.com: domain tiscali.it does not designate 66.150.225.37 as permitted sender) X-PHP-List-Original-Sender: marauder@tiscali.it X-Host-Fingerprint: 66.150.225.37 dora.fastpath.it Linux 2.5 (sometimes 2.4) (4) Received: from [66.150.225.37] ([66.150.225.37:49324] helo=dora.fastpath.it) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 6A/F5-10930-77580464 for ; Tue, 08 May 2007 10:13:13 -0400 Received: from aidi.santinoli.com (217-133-61-54.b2b.tiscali.it [217.133.61.54]) by dora.fastpath.it (Postfix) with ESMTP id 2BEA7F0A800A; Tue, 8 May 2007 16:13:02 +0200 (CEST) Received: by aidi.santinoli.com (Postfix, from userid 502) id 41050E600EC; Tue, 8 May 2007 16:13:02 +0200 (CEST) Date: Tue, 8 May 2007 16:13:02 +0200 To: Sara Golemon Cc: internals@lists.php.net Message-ID: <20070508141302.GB8126@aidi.santinoli.com> References: <20070507110833.GA27937@aidi.santinoli.com> <3668.209.254.223.2.1178573428.squirrel@www.l-i-e.com> <463FD459.9050801@php.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <463FD459.9050801@php.net> User-Agent: Mutt/1.5.13 (2006-08-11) Subject: Re: [PHP-DEV] [PATCH] Passthrough MD5/SHA1 calculation of uploaded files From: marauder@tiscali.it (David Santinoli) On Mon, May 07, 2007 at 06:37:29PM -0700, Sara Golemon wrote: > Ditto Richard's comments about false-implications of security, but I'd > also like to add that *IF* folks decide on the whole that this is > worth adding, it should be done more generically than a setting for > md5 and a setting for sha1. I appreciate your suggestion. > If someone (for some reason) has ext/hash disabled (it's > enabled-by-default since 5.1.2), then they just won't get a hash. Or, we could resort to ext/standard/{md5|sha1} to make these two hashes always available, like the Session extension does. But this double strategy would complicate the code in rfc1867.c and yield very marginal gain. If there's enough interest in this, I will rework the patch according to Sara's hint. Cheers, David -- David Santinoli Tieffe Sistemi S.r.l. viale Piceno 21, Milano www.tieffesistemi.com tel. +39 02 45490882