Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:29624 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 1881 invoked by uid 1010); 21 May 2007 15:14:55 -0000 Delivered-To: ezmlm-scan-internals@lists.php.net Delivered-To: ezmlm-internals@lists.php.net Received: (qmail 1866 invoked from network); 21 May 2007 15:14:55 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 21 May 2007 15:14:55 -0000 Authentication-Results: pb1.pair.com smtp.mail=info@ch2o.info; spf=softfail; sender-id=softfail Authentication-Results: pb1.pair.com header.from=info@ch2o.info; sender-id=softfail Received-SPF: softfail (pb1.pair.com: domain ch2o.info does not designate 212.27.42.35 as permitted sender) X-PHP-List-Original-Sender: info@ch2o.info X-Host-Fingerprint: 212.27.42.35 smtp5-g19.free.fr Linux 2.4 (Google crawlbot) Received: from [212.27.42.35] ([212.27.42.35:43276] helo=smtp5-g19.free.fr) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 6C/9A-03101-C67B1564 for ; Mon, 21 May 2007 11:14:54 -0400 Received: from taris.localnet (stc92-2-82-228-136-150.fbx.proxad.net [82.228.136.150]) by smtp5-g19.free.fr (Postfix) with ESMTP id 403D043916; Mon, 21 May 2007 17:14:50 +0200 (CEST) X-Spam-Status: No, hits=0.0 required=4.0 tests=AWL: -0.187,BAYES_00: -1.665,HTML_30_40: 0.374, HTML_MESSAGE: 0.001,TOTAL_SCORE: -1.477 X-Spam-Level: Received: from localhost ([127.0.0.1]) by taris.localnet (Kerio MailServer 6.3.1) for stas@zend.com; Mon, 21 May 2007 17:14:49 +0200 To: "Stanislav Malyshev" , "Stefan Esser" Cc: David , internals@lists.php.net Reply-To: info@ch2o.info In-Reply-To: 465149FE.4070100@zend.com Message-ID: <20070521151449.58bf87d0@taris.localnet> Date: Mon, 21 May 2007 17:14:49 +0200 X-Mailer: Kerio MailServer 6.3.1 WebMail X-User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="-----------3e7f540bdfbffbb31e890fc4e1400619" Subject: Re: [PHP-DEV] Dismantling the lies... From: info@ch2o.info ("Mathieu CARBONNEAUX") -------------3e7f540bdfbffbb31e890fc4e1400619 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable =5F=5F=5F=5F=5F =20 From: Stanislav Malyshev [mailto:stas@zend.com] I don't think they are "not important", just that they are not important= =20 enough to want them fixed no matter the cost. Running shared hosted=20 server in a mode that relies on restricted code IMO is wrong anyway, a= nd=20 for non-shared environment these problems could be exploited only if= =20 specifically enabled by very badly written code. So when there's a=20 trade-off between having the language work better for 100% of cases or= =20 protect those who run broken code on their servers - the choice would = be=20 to make language run better. Again, that doesn't mean bugs shouldn't b= e=20 fixed - just the fix shouldn't make the situation worse.why not let th= e choise to the php user =3F with configurable option =3F if the user accept perfomance hit vs security, they configure the option= ... without run fast but without protection... it's juste a idea... Mathieu -------------3e7f540bdfbffbb31e890fc4e1400619--