Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:71269
Return-Path: <lester@lsces.co.uk>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 9130 invoked from network); 19 Jan 2014 10:12:51 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 19 Jan 2014 10:12:51 -0000
Authentication-Results: pb1.pair.com header.from=lester@lsces.co.uk; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=lester@lsces.co.uk; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain lsces.co.uk from 217.147.176.204 cause and error)
X-PHP-List-Original-Sender: lester@lsces.co.uk
X-Host-Fingerprint: 217.147.176.204 mail4.serversure.net Linux 2.6
Received: from [217.147.176.204] ([217.147.176.204:45382] helo=mail4.serversure.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id AD/B7-61840-125ABD25 for <internals@lists.php.net>; Sun, 19 Jan 2014 05:12:50 -0500
Received: (qmail 4642 invoked by uid 89); 19 Jan 2014 10:12:46 -0000
Received: by simscan 1.3.1 ppid: 4636, pid: 4639, t: 0.0547s
         scanners: attach: 1.3.1 clamav: 0.96/m:52
Received: from unknown (HELO linux-dev4.lsces.org.uk) (lester@rainbowdigitalmedia.org.uk@81.138.11.136)
  by mail4.serversure.net with ESMTPA; 19 Jan 2014 10:12:46 -0000
Message-ID: <52DBA5B2.20304@lsces.co.uk>
Date: Sun, 19 Jan 2014 10:15:14 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 SeaMonkey/2.23
MIME-Version: 1.0
To: internals@lists.php.net
References: <1390082096.14862.72482025.5D36E64F@webmail.messagingengine.com> <52DB2E4D.8000009@sugarcrm.com> <1390096353.18659.72527933.474C16A5@webmail.messagingengine.com> <52DB310A.9040506@sugarcrm.com> <1390099947.26938.72538325.1FDD1F20@webmail.messagingengine.com>
In-Reply-To: <1390099947.26938.72538325.1FDD1F20@webmail.messagingengine.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] Bug 62479
From: lester@lsces.co.uk (Lester Caine)

Will Fitch wrote:
> Then again, I didn't expect to have
> a bug where single quotes are part of the password, so there's always a
> surprise.

Leaving holes that can possibly be used by hackers is the problem here. IF 
someone finds an edge case that does not get handled their next step is to see 
if it can be exploited? Code review is not a matter of 'surprise' but rather 
'what have I missed that could be a problem'?

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk