Newsgroups: php.internals
From: ceo@l-i-e.com ("Richard Lynch")
To: "Hans-Peter Oeri"
Cc: internals@lists.php.net
Date: Wed, 30 Dec 2009 22:21:35 -0600 (CST)
Subject: Re: [PHP-DEV] Re: Errors, Exceptions et al

On Wed, December 30, 2009 12:25 pm, Hans-Peter Oeri wrote:
> Hi!
>
> Rasmus Lerdorf wrote:
>
>> Yeah, good luck with that. We have been imploring people for 10 years
>> to not have display_errors on in production with very little success.
>
> I agree but am convinced at least part of that problem lies in the
> default php.ini, which - up to 5.2 - defaulted to display_errors=on! The
> average user - not configuring anything - got that default and probably
> got angry about production systems yelling secrets...

The problem is the average user got that and was happy with it, even in production... :-(

Keep in mind that PHP is *SO* easy that even a drummer can figure out how to write a working script, no matter how bad the code is.

And then they toss it up on some server and have no problems for eons, despite all the vulnerabilities, as they have no traffic to speak of.

Next thing you know, there are millions of sites like this, and changing the default doesn't help.

People have customized php.ini and don't replace it if they can avoid it, leaving the pre 5.2.x default in place forevermore.

-- 
Some people ask for gifts here.
I just want you to buy an Indie CD for yourself:
http://cdbaby.com/search/from/lynch
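
An added example, not part of the original message or of PHP itself: a small Python check that reads the text of a php.ini and reports every scope where display_errors is still not explicitly off, which is the leftover-setting situation the thread describes. The function names, the constructed sample file and the `builtin_default` fallback of "1" are assumptions made for the illustration.

```python
import re

# php.ini spellings that turn a boolean directive off (values are case-insensitive).
OFF_VALUES = {"0", "off", "false", "no", "none", "null", ""}
SECTION = re.compile(r"^\[(.*)\]$")
ASSIGN = re.compile(r"^display_errors\s*=\s*(.*)$")  # directive names are case-sensitive


def display_errors_by_scope(ini_text, builtin_default="1"):
    """Map each scope in one php.ini text to (value, line_number).

    "global" covers lines outside any [PATH=...] / [HOST=...] section; the
    last assignment in a scope wins. builtin_default is an assumption about
    what applies when the file never sets the directive globally.
    """
    scopes = {"global": (builtin_default, None)}
    scope = "global"
    for number, raw in enumerate(ini_text.splitlines(), start=1):
        line = raw.split(";", 1)[0].strip()      # drop ; comments
        section = SECTION.match(line)
        if section:
            name = section.group(1).strip()
            per_dir = name.upper().startswith(("PATH=", "HOST="))
            scope = name if per_dir else "global"
            continue
        assign = ASSIGN.match(line)
        if assign:
            scopes[scope] = (assign.group(1).strip().strip("\"'"), number)
    return scopes


def exposed_scopes(ini_text, builtin_default="1"):
    """Return the scopes where display_errors is not explicitly off."""
    found = display_errors_by_scope(ini_text, builtin_default)
    return sorted(s for s, (v, _) in found.items() if v.lower() not in OFF_VALUES)


# Constructed sample: an old customized php.ini carried across upgrades.
SAMPLE_INI = """\
[PHP]
;display_errors = Off
display_errors = On
log_errors = Off
[HOST=staging.example.test]
display_errors = "1"
[PATH=/var/www/shop]
display_errors = off
"""

if __name__ == "__main__":
    for scope, (value, line) in display_errors_by_scope(SAMPLE_INI).items():
        print(f"{scope}: display_errors={value!r} (line {line})")
    print("review:", exposed_scopes(SAMPLE_INI))
```

Anything that is not a recognised "off" spelling is reported for review, so unusual values are flagged rather than silently passed.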