No, there are no security implications. In fact, it is arguably more secure to have short tags enabled as it is then less likely for someone to accidentally expose their PHP source code since everything between <? and ?> will be parsed by PHP. However, keep in mind that XHTML and XML also uses <?...?> so if you are mixing XHTML or XML with PHP you could run into some difficulties. Nothing that is all that hard to get around. I tend to always use short_tags myself and simply echo "<?xml...?>"; if I need to output an xml revision tag, for example.
-Rasmus On Tue, 4 Mar 2003, Keith Mastin wrote: > I was asked to change this in the php.ini file by a user to "make it > easier to use php on the server". Before doing so, I thought I better ask > if there's any know security implications. I checked the wiki, and it > showed that there are 31 instances of this, but didn't actually show any. > :) > > The server is on the web and has a number of domains. The user in question > writes a lot of websites using php for maybe 1/2 of the domains. > > TIA > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
