> additional features, however unlikely, could also introduce security
> concerns, which are especially tricky given that all of the core
> developers I am aware of use mod_rewrite and are unlikely to use an
> alternative rewrite mechanism in wide testing.

> Given the ubiquity of mod_rewrite at hosts that offer it for no
> additional cost, and the added maintenance for alternatives to this
> primary and well-established method of implementing a Front Controller
> Pattern in Apache

The Apple-like policy of only supporting systems you work with
directly is refreshing for developers, but leads to a smaller
market share. If you've got a crappy host, you're not likely to change
hosts just to get Habari. Additionally, if you've got a host who
doesn't have mod_rewrite enabled by default but has something where
you can request that it be enabled, you're also less likely to try
Habari because it's a pain in the ass to request it, wait 2-3 days, and
then install the software. Why do that when you could pick one of
the many other blog softwares that give you instant access?

I'm not advocating supporting endless legacy systems but there should
be more than one degree of freedom within Habari's setup. I disagree
with the claim that adding a system that uses index.php/foo/bar or
index.php?foo=1&bar=2 poses a serious security risk because such
access would only be permitted on the 2% of Habari installations
without mod_rewrite and once the system is implemented and done so
securely, the likelihood of breaking that system without creating a
similar issue in the mod_rewrite implementation would be very low.
Yes, this does hinge on getting it right to begin with.

I've really just been playing devil's advocate; however, I don't think
it's necessary. This functionality is better added via a plugin, which
requires more hooks - and I do support adding them.