Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57629
Return-Path: <smalyshev@sugarcrm.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 61871 invoked from network); 2 Feb 2012 18:03:03 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 2 Feb 2012 18:03:03 -0000
Authentication-Results: pb1.pair.com header.from=smalyshev@sugarcrm.com; sender-id=pass
Authentication-Results: pb1.pair.com smtp.mail=smalyshev@sugarcrm.com; spf=pass; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain sugarcrm.com designates 67.192.241.153 as permitted sender)
X-PHP-List-Original-Sender: smalyshev@sugarcrm.com
X-Host-Fingerprint: 67.192.241.153 smtp153.dfw.emailsrvr.com Linux 2.6
Received: from [67.192.241.153] ([67.192.241.153:46927] helo=smtp153.dfw.emailsrvr.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 24/C8-04454-7DFCA2F4 for <internals@lists.php.net>; Thu, 02 Feb 2012 13:03:03 -0500
Received: from localhost (localhost.localdomain [127.0.0.1])
	by smtp15.relay.dfw1a.emailsrvr.com (SMTP Server) with ESMTP id AEA95300286;
	Thu,  2 Feb 2012 13:03:00 -0500 (EST)
X-Virus-Scanned: OK
Received: by smtp15.relay.dfw1a.emailsrvr.com (Authenticated sender: smalyshev-AT-sugarcrm.com) with ESMTPSA id 5E3173702BA;
	Thu,  2 Feb 2012 13:02:15 -0500 (EST)
Message-ID: <4F2ACFA7.9060800@sugarcrm.com>
Date: Thu, 02 Feb 2012 10:02:15 -0800
Organization: SugarCRM
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20111222 Thunderbird/9.0.1
MIME-Version: 1.0
To: Reindl Harald <h.reindl@thelounge.net>
CC: "internals@lists.php.net" <internals@lists.php.net>
References: <CALjhHG_wYvJn-Z+x9fJUi+dgmZ+Ha9BD54N5VwhneJM4sg1xBQ@mail.gmail.com> <5FB5CFDA-6FE8-4C20-A9B9-7844ED96659B@nopiracy.de> <CAEZPtU7jtQTDNpUovxxnDdRunjH9BOdX=WbS8JcGz+5Wkz8ocw@mail.gmail.com> <4F2A9378.70803@thelounge.net> <4F2AC9CA.2070308@sugarcrm.com> <4F2ACB02.9020309@thelounge.net>
In-Reply-To: <4F2ACB02.9020309@thelounge.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds
From: smalyshev@sugarcrm.com (Stas Malyshev)

Hi!

> with many hundret active sessions was not a
> single performance problem

I'm not sure I understand what you are talking about here. Performance 
is a scale, not a trigger. If you lose 10% (totally invented number as 
an example) that doesn't mean you have 10 of "performance problems", it 
means you sites run 10% slower, you need 10% more servers, etc.

> without bytecode-cache you have much more problems

What bytecode cache has to do with it? Sounds like a non-sequitur.

>
>> thus may not be beneficial to the most users
>
> security is not beneficial to the most users?

Please don't do that. I never said that security is not beneficial, and 
as you quoted me you know that and you know that "not beneficial" 
related to the performance hit the mitigation measures cost.

> security is THE benefit for ALL users, especially in days where many
> are running crap-code like Joomla/Wordpress with all sorts of plugins
> throwing millions of warning if you run with E_ALL and E_STRCIT

What the quality of the code of Joomla has to do with anything? Suhosin 
patches would not fix Joomla and most of the issues it helps with are 
totally unrelated to any user code at all.
-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227