Hey there all, over the past few days I was thinkering over something
that I consider could be a good addition to the core or actually to
the php distribution. PhpSecInfo, the project by Ed Finkler. I was
thinking in making that an extension that we could distribute with the
distribution so the same way someone has access to phpinfo() he'd have
access to phpsecinfo(); to show all the security warnings from it's
php.ini and server settings.
So my question is, is the effort worth it or it's sure to be refused ?
If people seem interested that's cool, if not that's cool too. I just
thought it might be a great way to help people resolve some "simple"
security problems due simply to their configuration.
Let me know what you all think, Thanks,
D
Hey there all, over the past few days I was thinkering over something
that I consider could be a good addition to the core or actually to
the php distribution. PhpSecInfo, the project by Ed Finkler. I was
But isn't it a set of PHP scripts? If so, what would be the value of
making it an extension? There are a lot of very useful PHP scripts,
which aren't part of core PHP.
Stanislav Malyshev, Zend Software Architect
stas@zend.com http://www.zend.com/
(408)253-8829 MSN: stas@zend.com
Hey there all, over the past few days I was thinkering over something
that I consider could be a good addition to the core or actually to
the php distribution. PhpSecInfo, the project by Ed Finkler. I wasBut isn't it a set of PHP scripts? If so, what would be the value of
making it an extension? There are a lot of very useful PHP scripts,
which aren't part of core PHP.
Yes there are a lot of very useful packages, but I think this one
could be very good but not only for the users but also php's general
security image/reputation. Yes many settings can be set in a way that
make PHP less safe than what it can be and helping our users getting
towards a more secure application and dev process would be optimal and
very cool.
Simple in ext/ where one could go like --enable-security-info ....
But yeah, I won't be mad if we decide it's a bit useless for the core
but I think it would be a good "feature" add for PHP6 and perhaps even
a bit of press coverage about php's security, but good press :P
--
Stanislav Malyshev, Zend Software Architect
stas@zend.com http://www.zend.com/
(408)253-8829 MSN: stas@zend.com
--
David Coallier,
Founder & Software Architect,
Agora Production (http://agoraproduction.com)
51.42.06.70.18