>On Mon, 22 Jul 2002, Marko Karppinen wrote: > >> PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 > >Not only did I get to re-write all my apps the past few months because of >the new register_globals default that was imposed by `the php group`...
You could have just *CHANGED* the setting in php.ini if it was that big a friggin' deal. I did. >Now I get to upgrade my PHP install once a month or so cause of new >security holes.. Yay! If you want to examine PHP's Security history *OBJECTIVELY* it will go toe-to-toe against anything else in the same market. >Wasn't this new register_globals setting supposed to enhance security? Yes, and it does. >How would you like to be a sys admin with dozens of machines to upgrade >before you can proceed with anythign else? Ooooh, *dozens* of machines. Why, that should take you at least an hour to take care of, unless you want to sit there and twiddle your thumbs while the text scrolls by. Get a life! >Can anyone say Ruby? Can anyone say "No better"? But, hey, we don't care. Go use Ruby if that will make you happy. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php