On September 26, 2002 08:48 pm, Jim Mercer wrote: > On Thu, Sep 26, 2002 at 09:00:17PM -0400, Ilia A. wrote: > > It is not a job of the programming language to implement system, database > > security. This is simply not done. If you want to secure your PostgreSQL > > more so that you can with the current tools, the people you should be > > talking to are the PostgreSQL developers. It is up to them to develop and > > implement various database access controls and security measures. > > Just because it may be easy to hack up PHP to implement this, it does > > not mean this is the correct approach. > > oh, please. > > PHP is full of tweaks and hacks specifically to augment and make easier the > job of the people using it.
The only simular hack I can imagine you are referring to is safe_mode, which is a very ugly thing that was only implemented because at the time it was not possible to implement simular functionality on most web servers. > > the whole point of PHP is to make it easier to accomplish things either > with other apps, or by going around them. > > at this point i have not seen any technical argument as to why this patch > is inappropriate. > all i've gotten so far is a bunch of crap about whose responsibility it is > to secure things. > > the patch i've submitted in no way harms the ability of php to do its job, > and only enhances its ability to help more people make more effective use > of PHP. > > if php-dev is not interested in such suggestions, i'll back off and not > bother you again. > sorry if my providing a complete patch to add this functionality took you > away from more important things. I am hardly in a position to say what all the readers and developers on this list think of this patch. I merely try to explain why I believe this particular patch is not appropriate for standard PHP distribution. -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
