Newsgroups: php.internals
X-PHP-List-Original-Sender: keisial@gmail.com
Date: Mon, 09 Apr 2012 22:11:18 +0200
Message-ID: <4F834266.6090503@gmail.com>
References: <4F80C739.2060404@gmail.com>
To: Yasuo Ohgaki
CC: Tom Boutell, PHP Internals
Subject: Re: [PHP-DEV] PHP class files without

> Please do not tell me that programmer should
> learn not to, since it's not a protection but education.

Hire a more competent programmer? If he writes such code, he will be completely unaware of the subtleties of XSS, or how SQL should be escaped, and his code is probably beyond "protection". You're better served by rewriting it.

> If programmers/administrators could disable embed mode,
> then systems will be protected from vulnerable codes.

How do you enforce that the application you need doesn't rely on it?

Note: 'education' is also forbidden as you restricted it in the previous question. :-)