Re: [PHP-DEV] trans-sid warning?

> So if Im to write an online web-based banking system (either in > Java/JSP, > PHP, ASP - whatever)... what method would you suggest that IS secure? As for the propagation of the session id, there is only one pseudo-secure method -- using HTTP basic authentication. On authenticated pages, the

Re: [PHP-DEV] trans-sid warning?

Dan Hardiker: > However, HTTP basic authentication is passed the same as session > cookies > (discussed earlier in this thread) - in the headers of the HTTP > communication. This can very easily be faked with something like cURL. On the other hand, if you know the user's credentials, why bother

Re: [PHP-DEV] trans-sid warning?

Sascha: > If you want your site to be safe, enable > session.use_only_cookies and be done with it. No amount of > checking on the server side can otherwise prevent this class > of attacks. By the way, does session.use_only_cookies work with session.use_cookies=off? I'm using an

Re: [PHP-DEV] trans-sid warning?

Xavier: > So you wish to prevent your users from forging GET/POST values and are > willing to rely on client-side cookies ? > How is that any safer ? > > On Tue, 2002-08-20 at 09:18, Marko Karppinen wrote: >> By the way, does session.use_only_cookies work with >>

Re: [PHP-DEV] THTTPD

nd. Actually, I'd love to have php distributed with such a small and powerful http server -- it just needs quite a different approach than the other SAPI modules. -- >> Magenta Sites Marko Karppinen -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-ma

[PHP-DEV] acinclude.m4 changes for Darwin/Mac OS X

Hi all, I'm currently working on PHP extensions to bring some Mac OS X -native functionality available to PHP users on the platform. To allow for this, the PHP build chain needs to support Mac's way of dealing with shared libraries. Here's some background: Libraries in Mac OS X and Darwin are de

Re: [PHP-DEV] Bug #15225: 4.1.1 fails on OS X 10.1.2

> Reproducable here. Definately needs to be fixed... I'm working on the OS X compile. I've landed myself into a world of trouble with it, though. My changes involve moving up to the absolute latest autoconf/automake/libtool chain and it's breaking just about *everything* right now. I can't put

Re: [PHP-DEV] Bug #15225: 4.1.1 fails on OS X 10.1.2

> I'm not sure using a libtool that MacOSX doesn't ship > with is such a good idea. Why Apple hasn't fixed their shipping version of libtool is beyond me, but the plain fact of the matter is that their current libtool is useless enough to be completely irrelevant. Since *it will never work*, why

Re: [PHP-DEV] Bug #15225: 4.1.1 fails on OS X 10.1.2

Brad House: > Messing with the dev-tools on OS X shouldn't be a > requirement for building PHP... Truthfully, most > Mac people can't tell their A$$ from a hole in > the ground... It will be a requirement for *building PHP from CVS*. (For now, at least). Packaged PHP releases like 4.2 will hopef

[PHP-DEV] Autoconf 2.13 support

Hey, Is autoconf 2.13 support supposed to be maintained indefinitely? I could *really* use some 2.50 features. --Marko -- PHP Development Mailing List To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list adminis

Re: [PHP-DEV] [Fwd: Re: [Zend Engine 2] Case sensitivity: Conclusion(?)]

>> However, we need vote for if PHP5 will have case >> sensitive class/function/constant names. > > +1 for case-sensitive everything -1. Differentiating two objects only by the case of their names seems absurd to me. This is not how humans function. Ease of implementation is the only thing spe

Re: [PHP-DEV] [Fwd: Re: [Zend Engine 2] Case sensitivity: Conclusion(?)]

Markus: > You have the wrong book then. Painless integration with other > technologies is the main argument (.NET, SOAP, SRM [didn't > forget it this time, Derick ;)]) I have some trouble believing that this is a real-world problem. Interfacing with a case-sensitive system is troublesome only whe

Re: [PHP-DEV] [Fwd: Re: [Zend Engine 2] Case sensitivity: Conclusion(?)]

Marc wrote: > I don't think people should write code that differentiates by case, but > case-sensitive coding leads to consistency in naming, so you will not read > MySQL_ConneCt somewhere and mysql_connect somewhere else, while it means the > same thing... If you just want to promote case-accura

[PHP-DEV] Bug report subject lines

Since it seems that someone is working on the bug report system, here's my suggestion for improvement: The bug report subject lines seem to carry a LOT of excess baggage. The subject line for an update email for a bug in the five-digit range contains 30 (!) characters of text before the bug repor

Re: [PHP-DEV] Re: Case sensitivity: Conclusion(?)

Yasuo: > Hmm. I vote -1 for this. > It just does not make sense to store original(case sensitive) > names while langage ignores case. It's also confusing, lead > to case sensitivity BC problem anyway just like with case > sensitive function/names. Case preservation makes very much sense in a case

Re: [PHP-DEV] Re: [Zend Engine 2] Re: [PHP-DEV] Re: Casesensitivity: Conclusion(?)

>> A lot of errors that are E_NOTICE today would definitely be better off >> as E_PEDANTIC. Undefined array indexes come to mind. What else? >> E_INFO may be a bit vague (and probably attract a lot of "misc" >> errors). What about E_COMPAT for compatibility issues? > > E_PENDATIC, E_COMPAT, E_

Re: [PHP-DEV] Build System V5 Update

> Ok, here is a new version of the build5 patch. It fixes the > find issue and avoids lots of sed calls. The cli sapi builds fine on Darwin 5.2 (Mac OS X 10.1.2). (Autoconf 2.52g) The apxs build on OS X is still b0rked, as expected. I'll get on it after you commit your changes. --Marko --

[PHP-DEV] FOSDEM from London

Quite far off topic, sorry, but if somebody is travelling from London Heathrow to Brussels on Saturday or back on Sunday, let's meet at the lounge for drinks or something :) --Marko -- PHP Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Vote on New Build System

> Hi, > > I'd like to get some input on the new build system. If there > are enough "yea" voices, I could merge it into 4.3.0.. I'd love to see this in 4.3.0. --Marko -- PHP Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Re: [PHP-CVS] cvs: php4 /main rfc1867.c

> Modified files: > /php4/mainrfc1867.c > Log: > Fix: Now returns correct Content-Type with Opera 6.01 Hi Stefan, could you shortly explain why a single browser needs such a workaround? Since Opera 6.01 is less than a month old, shouldn't they be the ones fixing such a problem? Have you t

Re: [PHP-DEV] the dl() issue

Shane wrote: > I think dl is an extremely important feature, and issues surrounding it > should be fixed. I'm absolutely, positively +1 on this. On the Mac OS X side of things, we are in the interesting situation of having PHP bundled with the operating system. I guess the same can be said abou

Re: [PHP-DEV] the dl() issue

>> Having a good, working dl mechanism is the only reasonable way out of this >> Catch-22. > > Apple should be using php.ini for extensions and not require the user to > call dl() wich is sucky. This is not about what Apple should be doing; indeed, Apple does nothing to stop you from using a php

Re: [PHP-DEV] the dl() issue

Zeev and Stas: > That sounds like a pretty good idea, actually :) >> Might the solution be in the form of some 'auto-load extension folder'? >> I.e., folder in which all extensions found there are loaded automatically? Yes, this seems to be a near-perfect solution to me. Great! --Marko -- PH

[PHP-DEV] Re: Bug #16135: Release breaks due to C++ requirement

g report about this. (#15261, which I'm now closing.) --Marko -- Marko Karppinen - http://homepage.mac.com/marko/ -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DEV] Mac OS X --with-apxs build now works!

n. I encourage developers on other platforms to test the apxs build as well, in case I botched it up :-) On Mac OS X, we require OS version 10.1 and the December 2001 version of the developer tools. Happy hacking, Marko -- Marko Karppinen - http://homepage.mac.com/marko/ -- PHP Development Ma

[PHP-DEV] [Darwin] NSLinkModule and Apache modules

ssue. I'm *really* hoping I've missed some simple way to make it all work :) --Marko -- Marko Karppinen - http://homepage.mac.com/marko/ -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Aggregation, Multiple Inheritence, pros/cons

ject (no pun intended) to your use of past tense when discussing Objective-C ;-) --Marko -- Marko Karppinen - http://homepage.mac.com/marko/ - • -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] ext/standard/dl.c: DL_ERROR()

> is DL_ERROR() something that is normally defined? the patch to add Mac > OS X support changed the GET_DL_ERROR() macro to call this instead of > dlerror(), which broke the build for me on debian/unstable. Yes. It's defined in Zend. Sync time... --Marko -- PHP Development Mailing List

Re: [PHP-DEV] standard platform names

es CoreGraphics" or "requires AppleScript"). I suspect there's a similar requirement for the Windows platform. Marko -- Marko Karppinen - http://homepage.mac.com/marko/ - • -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DEV] Mac OS X --with-apxs build now works!

> I guess this fix didn't make it into 4.2.0? > > Officially stated, it's not supported in 4.2.0, and > I just compiled 4.2.0RC4, and the build is broken (I have > yet to try 4.2.0 which just came out like 2 minutes > ago). You are right. I wrote that official statement. These build fixes were b

[PHP-DEV] snaps.php.net

opment and especially QA efforts on the 4.2 branch would greatly benefit from snapshot availability. As 4.2 is our "stable" branch, its users are probably not as "cutting edge" as the PHP3 users, so I'm proposing a compromise: three daily builds of 4.2 and five daily builds of PHP

Re: [PHP-DEV] PHP 4.3 charter and release plan

> Stig, I have a bit of work to do still with the bundled ext/gd/libgd so I > would add bundled libgd to the list of major changes. May need a bit of > Sascha-help to get it building correctly in the new build system. This reminds me. I'm working on implementing the current gd+freetype functiona

Re: [PHP-DEV] [PATCH] Get apache2filter to link on Darwin

> By default, Darwin requires that all references be resolved at > compile-time instead of run-time for bundles. So, when we try to > build the apache2filter module, we are calling some APR and APR-util > functions from the module. Since apxs does not expose the linking > information for APR or

Re: [PHP-DEV] [PATCH] Prefer glibtool over libtool (resend)

> (This is a resend of an earlier patch.) > > It switches to preferring glibtool over libtool so that we can > correctly run buildconf on Darwin. Since Darwin comes with a libtool > but not the GNU libtool, we should try glibtool first. Since libtool > exists, we don't look for glibtool and the

Re: [PHP-DEV] [PATCH] Fix bundle compilation on Darwin for Apache2.0

> This patch does two things that should only be Darwin specific: > - Call apr-config and apu-config to determine the link information > for the requisite libraries so that they can be self-contained. > - Modifies the libphp4.bundle target to allow linking with libtool. > Since ap{ru}-config *may*

Re: [PHP-DEV] [PATCH] Fix bundle compilation on Darwin for Apache2.0

Justin, > httpd-2.0 doesn't build with the stock libtool-1.4.2 either. So, > if you're using Apache 2.0, you're going to need a patched libtool > anyway. I'd imagine that binary distributions of httpd-2.0 will > include the patched libtool in its installbuilddir (whomever built > the binary nee

Re: [PHP-DEV] [PATCH] Fix bundle compilation on Darwin for Apache2.0

One More Thing, Justin :) > +MH_BUNDLE_FLAGS="`$APXS_BINDIR/apr-config --ldflags --link-ld --libs`" Could you give me a scenario where we might need something from --ldflags or --link-ld? Wouldn't just the libs do? I'd rather not include something that might override our choices on the link line

Re: [PHP-DEV] bundling libxml2 / bundling locations

are not worth the minor > benefit. I think the solution would be to allow PECL to optionally fetch the libraries an extension depends on, quite like FreeBSD ports. It is exactly as much work as bundling them altogether, of course, but at least we avoid the impact on our distribution size. mk

Re: [PHP-DEV] bundling libxml2 / bundling locations

Markus: > Honestly I see this being a point beyond the task of PECL. > There are too many things which can get fucked up (I just see > a secenery where someone accidantly installs libxml2 through > PECL though he has it in the system but in a non-standard > path). Really, this does not belong to P

Re: [PHP-DEV] bundling / PECL

Shane: > For situations like this, perhaps we can 'bundle' libraries in PECL. > The make system could examine the system for the library, if it is not > installed, or is not the required version, it could ask the user if they > want to have it downloaded/built/installed automaticly. I agree, exce

Re: [PHP-DEV] libxml bundling

Zeev: > I believe there's at least one company that effectively proved that the > opposite is true, there are probably many others. I don't see a problem in > having core technologies enabled by default. Purists can turn them off, > but there are a hell of a lot more average users than there are

[PHP-DEV] Wanted: Apple QA volunteer in California

The PHP Group is looking for a volunteer to test the upcoming Mac OS X releases of PHP at Apple's Compatibility Labs in Cupertino, California. The task is to run through the PHP Installer and a test harness on a wide variety of Mac OS X platforms. The ideal candidate will have experience in test

[PHP-DEV] Apple developer program membership

I'm making the following Apple Developer Connection resources available to the members of the PHP development community: 4x ADC Software Seed Key A software seed key gives you access, for 12 months, to pre-release software seeds made available by Apple. 6x ADC Premier Hardware D

[PHP-DEV] PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and4.2.1

PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Issued on: July 22, 2002 Software: PHP versions 4.2.0 and 4.2.1 Platforms: All The PHP Group has learned of a serious security vulnerability in PHP versions 4.2.0 and 4.2.1. An intruder may be able to execute arbit

Re: [PHP-DEV] W3C html validation issue

>> You're only supposed to change it in your HTML..NOT in the >> browser's query line.. > > As well as in header() calls (as already stated in this thread) and in > javascript calls: document.location.href = 'foo.php?bar=1&var=2' won't > work either. Guys, the W3C recommended separator f

[PHP-DEV] php-bugs subject lines

Let's make them a bit more informative. Example: instead of Bug #17725 Updated: CCan not compile with GCC 3 how about No feedback on #17725: CCan not compile with GCC 3 instead of Bug #18555 Updated: Incorrect link to Windows version 4.2.2 how about Bug #18555 Bogused: Incorrect link to Windo

[PHP-DEV] Re: [PEAR-DEV] Binary extensions via PECL

on 26.7.2002 20:47, Martin Jansen at [EMAIL PROTECTED] wrote: >> - After this change the OpenSSL extension will be a significant >>enabler of the PEAR/PECL infrastructure. It should be >>on by default (if the host has OpenSSL installed). > > What's with Windows? Does it support OpenSSL "