On Apr 7, 2004, at 9:48 PM, Jochem Maas wrote:
Sean Coates wrote:
While I like that your patch can be turned on and off in the INI, this sounds much more like an application-level problem, and thus should be implemented at the application level.
Loads of people have actually put stuff out that does this... ^ |Other tests could be made: - on the browser headers - on IP ranges rather that on the single client IP address - and so on...
What about a scoring system (based on checks on the above and more?),
a bit like that which is used in products like spamAssassin, the ini setting could be a threshold value (0 basically meaning attempt no checks and any value > 0 && =< 1 to be reject/accept* threshold).
...anyway the idea of being able to do some kind of sanity check on behalf 'beginners' (no offensive intended) is a nice idea. Advanced users tend to have specific environment requirements (and set them up accordingly) and perform decent checking anyway.
All of the above methods have problems with proxy servers. As a robust solution to the problem doesn't exist, people should implement their own non-robust solutions in their own scripts.
George
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
