Newsgroups: php.internals
From: johannes@schlueters.de (Johannes Schlüter)
To: Arvids Godjuks
Cc: PHP Internals List
Subject: Re: [PHP-DEV] Magic quotes in trunk
Date: Thu, 18 Nov 2010 17:44:30 +0100
Message-ID: <1290098671.16819.183.camel@guybrush>

On Thu, 2010-11-18 at 18:34 +0200, Arvids Godjuks wrote:
> As I remember correctly - taints are designed to be used while
> developing.
>
> They can be used in production (and 4-5% performance hit for the
> security isn't much until you run something really big), but mostly
> people will test it out on dev and deploy on production without
> taints.
> Still, I'd like to see them implemented already. Will be one big + for PHP :)

For people with proper development environments removing magic_quotes is
a great thing. They (hopefully) know better what they are doing. The
issue is users who have no idea what they are doing. So a
development-only feature won't help.

johannes