No, there are no security implications.  In fact, it is arguably more 
secure to have short tags enabled as it is then less likely for someone to 
accidentally expose their PHP source code since everything between <? and 
?> will be parsed by PHP.  However, keep in mind that XHTML and XML also 
uses <?...?> so if you are mixing XHTML or XML with PHP you could run into 
some difficulties.  Nothing that is all that hard to get around.  I tend 
to always use short_tags myself and simply echo "<?xml...?>"; if I need to 
output an xml revision tag, for example.

-Rasmus

On Tue, 4 Mar 2003, Keith Mastin wrote:

> I was asked to change this in the php.ini file by a user to "make it
> easier to use php on the server". Before doing so, I thought I better ask
> if there's any know security implications. I checked the wiki, and it
> showed that there are 31 instances of this, but didn't actually show any.
> :)
> 
> The server is on the web and has a number of domains. The user in question
> writes a lot of websites using php for maybe 1/2 of the domains.
> 
> TIA
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to