Newsgroups: php.internals
From: smalyshev@sugarcrm.com (Stas Malyshev)
Date: Thu, 02 Feb 2012 10:02:15 -0800
To: Reindl Harald
CC: "internals@lists.php.net"
Subject: Re: [PHP-DEV] Suhosin patch disabled by default in Debian php5 builds

Hi!

> with many hundred active sessions was not a
> single performance problem

I'm not sure I understand what you are talking about here. Performance is a scale, not a trigger. If you lose 10% (totally invented number as an example) that doesn't mean you have 10 of "performance problems", it means your sites run 10% slower, you need 10% more servers, etc.

> without bytecode-cache you have much more problems

What bytecode cache has to do with it? Sounds like a non-sequitur.

>> thus may not be beneficial to the most users
>
> security is not beneficial to the most users?

Please don't do that. I never said that security is not beneficial, and as you quoted me you know that and you know that "not beneficial" related to the performance hit the mitigation measures cost.

> security is THE benefit for ALL users, especially in days where many
> are running crap-code like Joomla/Wordpress with all sorts of plugins
> throwing millions of warnings if you run with E_ALL and E_STRICT

What the quality of the code of Joomla has to do with anything? Suhosin patches would not fix Joomla and most of the issues it helps with are totally unrelated to any user code at all.

-- 
Stanislav Malyshev, Software Architect
SugarCRM: http://www.sugarcrm.com/
(408)454-6900 ext. 227