On Mon, 22 Jul 2002, Greg Donald wrote:
> Not only did I get to re-write all my apps the past few months because of
> the new register_globals default that was imposed by `the php group`...
You didn't have to. The choice was given to you, for your own good. If you
have very disciplined programmers and a solid auditing process, you can
still do just fine with register_globals on.
> Now I get to upgrade my PHP install once a month or so cause of new
> security holes.. Yay!
Vastly preferable to the alternative: Brand X, where security holes go
unpatched. The PHP group fixed the problem immediately.
> Wasn't this new register_globals setting supposed to enhance security?
Now there's a non-sequitur if ever I saw one. "What do you mean I have to
stop running across the freeway? I thought giving up smoking was supposed
to enhance my health."
> How would you like to be a sys admin with dozens of machines to upgrade
> before you can proceed with anythign else?
I upgraded dozens of machines. It took about 10 minutes total.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php