I write all of my code with/for E_ALL as well. Plus, I consider
not relying on register_globals = on to be a crucial requirement
WRT portability.
At 17:04 7/25/2001, Phil Driscoll wrote the following:
--------------------------------------------------------------
>On Wednesday 25 July 2001 15:31, Rasmus Lerdorf wrote:
>
>> The change I would rather see in php.ini would be to have the default
>> error_level be set to E_ALL because then the above script would generate a
>> warning complaining about the fact that $ok was not initialized. Since
>> PHP can determine when variables are not initialized the case for
>> turning register_globals off in this example is rather weak.
>
>+1
>
>The security issue is poor coding rather than anything else. Using the
>various VAR arrays largely moves the problem sideways.
>
>I took the liberty on the Windows installer of making the default route
>through the wizard set the error level to E_ALL. I am fed up that almost all
>the freely available PHP scripts out there just won't run at E_ALL because
>they either spew out so many warning messages that you can't see what's going
>on, and in many cases, the warning messages cause crucial headers not to be
>sent. My own rule of thumb is that if a script outputs any warnings during
>normal use, then it just can't be trusted to be secure.
>
>--
>Phil Driscoll
[EMAIL PROTECTED]
-------------
And the eyes of them both were opened and they saw that their files
were world readable and writable, so they chmoded 600 their files.
- Book of Installation chapt 3 sec 7
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
