Mike Robinson writes:
 > Uh, no. Affordances are 

Okay, I'm wrong about that.  I don't need to push that analogy to make
my point.

 > You don't save people by filing down the sharp edges on a tool. You
 > do it by telling them it's sharp.

If you look at a tool, you can tell if it's sharp.  If you look at
include, you can't tell that it will happily, Pleasantly, Positively
JOYFULLY execute hostile code if the attacker asks it to and you
haven't told it not to.

You know, I keep searching for an explanation of why so many people
have had security problems with PHP.  The answer is simple: the people
in charge of PHP (sorry, Rasmus) think it's okay to create an insecure
language construct without making it clear that it's insecure.

Now, don't tell me that it's not insecure.  Everyone here realizes
(and I know this because they've told me) that programmers who are
concerned about security will always check the values passed into
'include'.  Why would they need to do that if 'include' wasn't
insecure?

If you have to read the man page to find out that 'include' will let
some random user from a third-world country execute 'rm -rf /' on your
server, then I propose that the problem is not that users didn't read
the man page.  The problem is with include, and it needs to be fixed.

-- 
--My blog is at     blog.russnelson.com         | If you want to find
Crynwr sells support for free software  | PGPok | injustice in economic
521 Pleasant Valley Rd. | +1 315-323-1241       | affairs, look for the
Potsdam, NY 13676-3213  |                       | hand of a legislator.

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
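
Added example, not part of the original message and not PHP project code: one way to do the check on values passed into 'include' that the message refers to, using an allowlist plus a realpath containment test. The function name safe_include_path, the page names and the temporary directory are assumptions made for illustration.

```php
<?php
// Added example; safe_include_path, the page names and $pagesDir are hypothetical.

// Unchecked form the message describes: the request value reaches include as-is.
//   include $_GET['page'];

/** Map a request value to a file that may be included, or return null. */
function safe_include_path(string $requested, array $allowed, string $pagesDir): ?string
{
    // 1. Allowlist: only names the application itself listed are accepted.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // 2. Containment: the resolved file must exist and sit inside $pagesDir
    //    (covers a symlink or a careless allowlist entry).
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary pages directory holding a single page.
$pagesDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($pagesDir);
$home = $pagesDir . DIRECTORY_SEPARATOR . 'home.php';
file_put_contents($home, '<?php echo "home page\n";');

$allowed = ['home', 'about'];   // 'about' is listed but has no file on disk

// Constructed request values: the first is valid, the rest must be rejected.
$samples = ['home', 'about', '../../etc/passwd', 'http://example.invalid/x', "home\0"];
foreach ($samples as $value) {
    $path = safe_include_path($value, $allowed, $pagesDir);
    if ($path === null) {
        echo 'rejected: ' . json_encode($value) . "\n";
    } else {
        include $path;          // only reached for an allowlisted, contained file
    }
}

unlink($home);
rmdir($pagesDir);
```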