From: Stanislav Malyshev [mailto:stas@zend.com]
I don't think they are "not important", just that they are not important
enough to want them fixed no matter the cost. Running shared hosted
server in a mode that relies on restricted code IMO is wrong anyway, and
for non-shared environment these problems could be exploited only if
specifically enabled by very badly written code. So when there's a
trade-off between having the language work better for 100% of cases or
protect those who run broken code on their servers - the choice would be
to make language run better. Again, that doesn't mean bugs shouldn't be
fixed - just the fix shouldn't make the situation worse.why not let the choise to the php user ?
with configurable option ?
if the user accept perfomance hit vs security, they configure the option...
without run fast but without protection...
it's juste a idea...
Mathieu
why not let the choise to the php user ?
with configurable option ?
There's no way to make it configurable option, since it'd require having
2 separate engines in the language.
Stanislav Malyshev, Zend Products Engineer
stas@zend.com http://www.zend.com/