[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phptest-devel] security and older interpreters

From: John Lacey
Subject: [Phptest-devel] security and older interpreters
Date: Sun, 14 Jul 2002 21:45:09 -0600


It occurred to me that my comments about the 4.2.0 minimum requirement going
forward might be misinterpreted.  I should have included a suggestion that
once the new features you are thinking about are implemented, that version
of phpTest could be "frozen" with the occasional bug fixed as necessary.
That way users, whose hosting providers are running interpreters below 4.2.0
(beaucoup), would not be locked out from utilizing an older version of
phpTest with a fairly rich feature set.  An announcement could be made about
the plan up front, so that separate forks would not have to be upgraded and
maintained (a very bad thing, indeed).

Again, I appreciate the fact that security is a much broader issue than
simply using aliases in place of $HTTP_*_VARS, so there would be a fair
amount of work involved in the process.  The PHP folks seem to be just
beginning to attack security issues, so who knows what other changes may be
forthcoming in the next few years.  Maybe they'll even come out with some
doofus logo saying "PHProtectIT" so people can happily plaster it on their
site. :)

Finally, you could choose to bag the entire idea figuring there's nothing to
be gained by using the new input mechanisms at this point, having the
product in your head.  My take on that would be philosophical, figuring
I've "done my job" as an interested contributor in submitting new ideas, or
code, or whatever I can.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]