Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:61003
Return-Path: <johannes@schlueters.de>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 28578 invoked from network); 27 Jun 2012 16:45:14 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 27 Jun 2012 16:45:14 -0000
Authentication-Results: pb1.pair.com header.from=johannes@schlueters.de; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=johannes@schlueters.de; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain schlueters.de from 217.114.211.66 cause and error)
X-PHP-List-Original-Sender: johannes@schlueters.de
X-Host-Fingerprint: 217.114.211.66 config.schlueters.de  
Received: from [217.114.211.66] ([217.114.211.66:60237] helo=config.schlueters.de)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id C2/F0-22531-8983BEF4 for <internals@lists.php.net>; Wed, 27 Jun 2012 12:45:13 -0400
Received: from [192.168.2.230] (ppp-93-104-14-41.dynamic.mnet-online.de [93.104.14.41])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(Client did not present a certificate)
	by config.schlueters.de (Postfix) with ESMTPSA id E9E7261C03;
	Wed, 27 Jun 2012 18:45:08 +0200 (CEST)
To: Anthony Ferrara <ircmaxell@gmail.com>
Cc: internals@lists.php.net
In-Reply-To: <CAAyV7nH6FCZUqrirJ0uOApuwR64Cky3cVnRfbrcjkZrpOKiN6w@mail.gmail.com>
References:
	 <CAAyV7nH6FCZUqrirJ0uOApuwR64Cky3cVnRfbrcjkZrpOKiN6w@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Date: Wed, 27 Jun 2012 18:45:07 +0200
Message-ID: <1340815507.2802.9.camel@guybrush>
Mime-Version: 1.0
X-Mailer: Evolution 2.30.3 
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [DRAFT RFC] Adding Simplified Password Hashing API
From: johannes@schlueters.de (Johannes =?ISO-8859-1?Q?Schl=FCter?=)

Hi,

On Tue, 2012-06-26 at 11:25 -0400, Anthony Ferrara wrote:
> https://wiki.php.net/rfc/password_hash

Some comments on the "error behavior" part:

    E_WARNING - When CRYPT is not included in core (was disabled
    compile-time, or is listed in disabled_functions declaration)

Disabling a different function should have no effect. This is not
intuitive. If crypt is a dependency and is not available this function
shouldn't be available either.

    E_WARNING - When supplied an incorrect number of arguments.
    E_WARNING - When supplied a non-string first parameter (password)

This should follow common semantics of zend_parse_parameters(... "s").
i.e. it has to support objects with __toString(). Also other scalars are
fine. (if they can be casted to string)

    E_WARNING - If a non-string salt option is provided

As above.

    If any error is raise, false is returned by the function. 

In http://de.php.net/functions.internal it is documented that internal
functions return NULL on error during parameter parsing. New exceptions
for that should have a good reason.

These things are all minor and you might consider them bad, but then
change it globally, not by adding new inconsistencies.

johannes