On Feb 6, 2005, at 5:02 PM, David Zülke wrote:
Guys, I'm sure I'll annoy the heck out of some on this list, but there's
still the question whether PHP should prevent any case of dumbness on the
developer side. Whatever we do, some developers out there will be way more
idiotic than we can ever imagine. And if any company choses that 16-year-old
PHP "professional", (who, of course, delivers the same quality code as
anyone else who's doing software development for a living), and their server
gets hacked or something because of weaknesses in the code, they deserve it.
PHP won't get more "respect" from the business side by implementing drop
dead stupid stuff like automagic validation, but rather by getting what I
mentioned a few days earlier - proper Unicode support, for example, or
namespaces. Spare your breath for the important stuff. Nobody needs what's
just being discussed here.
Just my 0.02$,
I disagree. The fact that XSS attacks remain one of the largest issues plaguing large so-called enterprise sites points to data validation being a hard thing to remember to always do, and to do 'right'.
George -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
