Hi, another one of my weird ideas: what about a script signing mode?

- ini setting containing a HMAC key
- first <?php tag in a file must then have a signature, a la <?php:Base64encodedstring
- no parsing of files that fail the signature check
- (maybe optional) disabling of eval

Of course such an approach would need, in addition, a locally well defined place from where updated code is distributed to production servers, which would then need to implement the signing process. So it's only something for sane larger shops with a good dev/production split.

best regards
Patrick
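
The scheme proposed in the message above, modelled in Python as an added example (not part of the original post and not code from PHP itself): a deployment-side signer and the loader-side check that refuses unsigned or modified files. It assumes HMAC-SHA256 computed over the whole file with the signature token removed; the function names, key and sample script are constructed for illustration.

```python
import base64
import hashlib
import hmac

OPEN_TAG = b"<?php"
SIG_LEN = 44  # base64 length of a 32-byte HMAC-SHA256 digest


def compute_mac(key: bytes, unsigned: bytes) -> bytes:
    """Base64 HMAC-SHA256 over the file as it looks without a signature."""
    return base64.b64encode(hmac.new(key, unsigned, hashlib.sha256).digest())


def sign_script(key: bytes, source: bytes) -> bytes:
    """Deployment side: turn the first '<?php' into '<?php:<base64 mac>'."""
    pos = source.find(OPEN_TAG)
    if pos < 0:
        raise ValueError("no <?php tag to sign")
    end = pos + len(OPEN_TAG)
    if source[end:end + 1] == b":":
        raise ValueError("file already carries a signature token")
    return source[:end] + b":" + compute_mac(key, source) + source[end:]


def verify_script(key: bytes, signed: bytes):
    """Loader side: return the unsigned source, or None to refuse parsing."""
    pos = signed.find(OPEN_TAG)
    if pos < 0:
        return None
    end = pos + len(OPEN_TAG)
    if signed[end:end + 1] != b":":
        return None  # first tag has no signature
    sig = signed[end + 1:end + 1 + SIG_LEN]
    # Rebuild the exact bytes that were signed: everything except ':<mac>'.
    unsigned = signed[:end] + signed[end + 1 + SIG_LEN:]
    # Constant-time comparison; a short or altered token simply fails.
    if not hmac.compare_digest(sig, compute_mac(key, unsigned)):
        return None
    return unsigned


# Constructed sample input: a demo key and a two-line script.
DEMO_KEY = b"constructed-demo-key"
DEMO_SOURCE = b"<?php\necho 'hello';\n"

if __name__ == "__main__":
    signed = sign_script(DEMO_KEY, DEMO_SOURCE)
    print(signed.decode())
    print("accepted:", verify_script(DEMO_KEY, signed) is not None)
```

Because the MAC covers every byte outside the token, text placed before the first tag or appended after the signed code also fails the check.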