> I fully agree here with Rasmus and I also think this will
> be the workaround for most people -- if one _does_ care
> about security, he even knows what and how to do nowadays.
> I don't think turning register_globals to off will evangelize
> people to develop more secure scripts/applications.
that's it.

what we could do to make people write more secure scripts is:
- telling them to do so,
- telling them what is insecure
- telling them why something is insecure
- writing a special type of documentation, about how to write secure scripts

maybe we could do something like a php-security-central, where everyone who wants
to learn about security could read this kind of documentation, a special mailing list
where issues about security of php-applications are discussed, etc.

you can't fight security holes without knowing what the hole is, and you
can't make others write secure apps without teaching them about how this works,
we shouldn't change php, we should give more information about these problems,
so everyone is able to learn how to avoid them.

- Peter 
-- 
*ZIMT - where PHP meets needs*
Homepage: www.cyberfly.net - [EMAIL PROTECTED]
PHP Usergroups: www.phpug.de - [EMAIL PROTECTED]
Just for Fun: www.fist-center.de - [EMAIL PROTECTED]

-- 
PHP Development Mailing List <http://www.php.net/>