On Mon, Sep 16, 2013 at 01:44:16PM +0100, Alain Williams wrote:

> > Note that most of these things don't refer to PHP directly. i.e.
> > encryption between user and PHP is usually done by the web server.
> > Encryption between PHP and databases by database libraries. If
> > applications built on top of PHP don't do proper end-to-end encryption
> > it is also no issue of the platform in itself.
> 
> I am aware of that. Unless we are careful all the components in an application
> stack (of which PHP is just one part) will just sit on their hands and tell
> people to look elsewhere. I am trying to kick start something that other
> components will pick up and do their bit.

One other point is that the functions in the various libraries (at the C
programming level) have got to be called with all manner of arguments, some of
which are not visible at the PHP level. Are these the correct ones?

The difference between something that works and something that is really secure
can, sometimes, be subtle/non-obvious.

-- 
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT 
Lecturer.
+44 (0) 787 668 0256  http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: 
http://www.phcomp.co.uk/contact.php
#include <std_disclaimer.h>

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
