>On Mon, 22 Jul 2002, Marko Karppinen wrote:
>>   PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1
>Not only did I get to re-write all my apps the past few months because of 
>the new register_globals default that was imposed by `the php group`...

You could have just *CHANGED* the setting in php.ini if it was that big a
friggin' deal.  I did.

>Now I get to upgrade my PHP install once a month or so cause of new 
>security holes..  Yay!

If you want to examine PHP's Security history *OBJECTIVELY* it will go
toe-to-toe against anything else in the same market.

>Wasn't this new register_globals setting supposed to enhance security?

Yes, and it does.

>How would you like to be a sys admin with dozens of machines to upgrade 
>before you can proceed with anythign else?

Ooooh, *dozens* of machines.  Why, that should take you at least an hour to
take care of, unless you want to sit there and twiddle your thumbs while the
text scrolls by.  Get a life!

>Can anyone say Ruby?

Can anyone say "No better"?

But, hey, we don't care.  Go use Ruby if that will make you happy.

Like Music?  http://l-i-e.com/artists.htm

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to