Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:87880
Return-Path: <larry@garfieldtech.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 43580 invoked from network); 23 Aug 2015 16:20:02 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 23 Aug 2015 16:20:02 -0000
Authentication-Results: pb1.pair.com header.from=larry@garfieldtech.com; sender-id=unknown
Authentication-Results: pb1.pair.com smtp.mail=larry@garfieldtech.com; spf=permerror; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain garfieldtech.com from 66.111.4.28 cause and error)
X-PHP-List-Original-Sender: larry@garfieldtech.com
X-Host-Fingerprint: 66.111.4.28 out4-smtp.messagingengine.com  
Received: from [66.111.4.28] ([66.111.4.28:59796] helo=out4-smtp.messagingengine.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 23/43-27100-FA2F9D55 for <internals@lists.php.net>; Sun, 23 Aug 2015 12:20:00 -0400
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
	by mailout.nyi.internal (Postfix) with ESMTP id 5388C2091F
	for <internals@lists.php.net>; Sun, 23 Aug 2015 12:19:56 -0400 (EDT)
Received: from frontend1 ([10.202.2.160])
  by compute5.internal (MEProxy); Sun, 23 Aug 2015 12:19:56 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
	messagingengine.com; h=content-transfer-encoding:content-type
	:date:from:in-reply-to:message-id:mime-version:references
	:subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=NGTJr6ygUTvROvZ
	SM9OeFl89Xc8=; b=DFbFnpMCI9KCB6sHEkaUVJp591Qsq73q8NlxbQ9s+N0Wqzc
	kaNXjim7cqoWwG/qu0V45mUil2hWX5TmrPAEngRRNyQ+hH7jO0Q3t+i63S79l5e3
	smLR2sxwZEr0JDL2i35dtciPnH1JrThzEqRIly9ZldrPS2l8kbszMW36wyuo=
X-Sasl-enc: RzZ1sI8iJAZYGL+dqCHVWnBh9+1OtymK24jCG/XDo1yT 1440346796
Received: from [192.168.42.5] (c-50-129-175-166.hsd1.il.comcast.net [50.129.175.166])
	by mail.messagingengine.com (Postfix) with ESMTPA id 16021C0001D
	for <internals@lists.php.net>; Sun, 23 Aug 2015 12:19:56 -0400 (EDT)
Message-ID: <55D9F2AB.8040404@garfieldtech.com>
Date: Sun, 23 Aug 2015 11:19:55 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.8.0
MIME-Version: 1.0
To: internals@lists.php.net
References: <20150823003346.A6E6B2617DA@dd15934.kasserver.com>
In-Reply-To: <20150823003346.A6E6B2617DA@dd15934.kasserver.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [PHP-DEV] [RFC] [Discuss] Random Functions Throwing Exceptions
 in PHP 7.0.0
From: larry@garfieldtech.com (Larry Garfield)

On 08/22/2015 07:33 PM, Thomas Bley wrote:
> Anthony Ferrara wrote on 22.08.2015 21:58:
>
>> All,
>>
>> I am putting a simple RFC up for discussion to make random_* throw
>> exceptions on failure in order to ensure we fail-closed.
>>
>> https://wiki.php.net/rfc/random-function-exceptions
>>
>> Considering this topic has already been discussed, I intend to open
>> voting on this as soon as allowable. Given the voting policy specifies
>> 2 weeks for language changes and 1 week for another, this is assumed
>> to require 1 week of "discussion".
>>
>> With that in mind, I intend to put this RFC up to vote on August 29/30th.
>>
>> Thanks!
>>
>> Anthony
>>
>> -- 
>> PHP Internals - PHP Runtime Development Mailing List
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>

*snip*

> If people use this function without reading documentation, they will also use other things without documentation like database queries without binding/escaping, inject html without escaping, etc.
> Having core functions suddenly throw exceptions causes many problems in the code structure.
>
> Regards
> Thomas

It's actually the other way around that is the compelling argument here.

We *already know* that developers use things without documentation, like 
database queries without binding/escaping, inject HTML without escaping, 
etc.  These things happen all the time, despite extensive documentation 
efforts to prevent them from doing so.  Therefore, there is little 
evidence to suggest that documenting "you must check the return value to 
make sure it's not false", no matter how big, red, and flashing we made 
it, will result in people actually doing so.

If we want these functions to be safely used, they need to be naively 
safe to use.  They simply won't be used safely otherwise, and these are 
high-sensitivity functions (by design).

--Larry Garfield