On Thu, Dec 29, 2011 at 2:12 PM, Tom Worster <f...@thefsb.org> wrote:
> Fair points but not germane to my main argument: I proposed that the base > PHP API should allow the PHP programmer uniform access to the system's CS > random byte source, which is CryptDevRandom on Windows. My proposal was > countered by pointing out ways the runtime environment can be configured > to provide access. I responded to that with the claim that the PHP > programmer sometimes has no control over the runtime environment. I > believe this should not prevent her from delivering portable, quality > code. It is often somebody else's job to secure the runtime environment. You misunderstood my statements. They were about fixing some mistakes you made in your initial posts and about showing that these features are already available right now in any sane environments. About having standard functions to do that is indeed a good thing, while they won't rely on other methods and we are certainly not going to reinvent the wheel to provide CS entropy sources out of the blue on any supported platforms. That would be a mistake, almost like what safe mode was. Cheers, -- Pierre @pierrejoye | http://blog.thepimp.net | http://www.libgd.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
