Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:87481 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 62187 invoked from network); 1 Aug 2015 08:50:13 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 1 Aug 2015 08:50:13 -0000 Authentication-Results: pb1.pair.com header.from=me@kelunik.com; sender-id=unknown Authentication-Results: pb1.pair.com smtp.mail=me@kelunik.com; spf=permerror; sender-id=unknown Received-SPF: error (pb1.pair.com: domain kelunik.com from 81.169.146.221 cause and error) X-PHP-List-Original-Sender: me@kelunik.com X-Host-Fingerprint: 81.169.146.221 mo4-p00-ob.smtp.rzone.de Received: from [81.169.146.221] ([81.169.146.221:49791] helo=mo4-p00-ob.smtp.rzone.de) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id C9/B0-54109-3488CB55 for ; Sat, 01 Aug 2015 04:50:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1438419008; l=6486; s=domk; d=kelunik.com; h=Content-Type:Cc:To:From:Subject:Date:References:In-Reply-To: MIME-Version; bh=lwp3PgOKIiFhrNO6M0JyKU/uye5CVvKqoAIXePL3Ha4=; b=eKkQNJCRj6UtAwKdnOpCz3dAzrd8AkFWS9F3MFYfagTuZZ3GJ8kvyFDgh0TbpHbHm0Y MTaCw14ty0hCcOjfY1hijoi0bqyiu3hgHklGh9u/mhmlsT5Dsi8bnUxhHGtAUBSImrQYx 1PRUfQFYXRUDvQWOyx8it3JB5WOHyKopBnU= X-RZG-AUTH: :IWkkfkWkbvHsXQGmRYmUo9mls2vWuiu+7SLDup6E67mzuoNNBqDwsCk= X-RZG-CLASS-ID: mo00 Received: from mail-wi0-f180.google.com ([209.85.212.180]) by smtp.strato.de (RZmta 37.8 AUTH) with ESMTPSA id 505120r718o8E1U (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA)) (Client did not present a certificate) for ; Sat, 1 Aug 2015 10:50:08 +0200 (CEST) Received: by wibxm9 with SMTP id xm9so61185748wib.0 for ; Sat, 01 Aug 2015 01:50:08 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.194.77.5 with SMTP id o5mr16184697wjw.102.1438419008314; Sat, 01 Aug 2015 01:50:08 -0700 (PDT) Received: by 10.27.204.197 with HTTP; Sat, 1 Aug 2015 01:50:08 -0700 (PDT) In-Reply-To: References: <836BA21C-AE99-4E7B-AB06-EBC30E41BA0E@icicle.io> <0AD335F5-35F3-4D98-8F82-800A1EDF8FD8@icicle.io> <05f101d0c838$fcdab5e0$f69021a0$@belski.net> <55B63FDF.6050100@gmail.com> <55B66494.1020106@gmail.com> <55B6707A.3040405@gmail.com> Date: Sat, 1 Aug 2015 10:50:08 +0200 Message-ID: To: Yasuo Ohgaki Cc: Scott Arciszewski , Rowan Collins , Anthony Ferrara , PHP Internals Content-Type: multipart/alternative; boundary=047d7bd91da40765d1051c3c0616 Subject: Re: [PHP-DEV] Core functions throwing exceptions in PHP7 From: me@kelunik.com (Niklas Keller) --047d7bd91da40765d1051c3c0616 Content-Type: text/plain; charset=UTF-8 2015-08-01 1:43 GMT+02:00 Yasuo Ohgaki : > Hi Niklas, > > On Sat, Aug 1, 2015 at 8:27 AM, Yasuo Ohgaki wrote: > >> They should totally be handled. You need to catch the error and throw a >>> defined exception, otherwise your public API will break if you choose to >>> use another internal implementation. >>> Additionally, you seem to assume that the library doesn't have to do >>> things like cleanups in such a case. >>> >> >> My thought is based on Design by Contract (Contract programming). >> When parameter or environment does not satisfy contract, contract error >> should be >> resulted in program/process termination. >> >> Fixing inappropriate parameter or environment is not library/framework >> author's >> responsibility, but the developer's. i.e. >> Caller(function/programmer/system admin) >> has the responsibility that satisfies parameter/environment requirement. >> If >> requirement is not met, it's perfectly OK for library/framework to raise >> fatal >> errors/exceptions. e.g. "You need PHP 5.6 or greater" error. >> > > I'll be more specific for "CSPRNG not available" error. > > If a author would like to handle the error and fallback to non crypt safe > RNG, > he/she should detect environment and execute alternative code for the > environment. > Hi Yasuo, You always assume the developer just wants to fallback to something different. You can't detect the environment btw. because it could just fail because of too many open file descriptors. > Catching exception and fallback to non crypt safe RNG is not optimal way > for handling unsatisfactory environment. IMHO. If we need function that > checks > environment, we are better to provide one rather than let users to use > exception. > This is damn insecure and far away from "not optimal". As said, checking the environment before executing the function isn't safe, and no, exceptions would always be the better way here. Regards, Niklas > Regards, > > -- > Yasuo Ohgaki > yohgaki@ohgaki.net > > --047d7bd91da40765d1051c3c0616--