On Mon, May 07, 2007 at 06:37:29PM -0700, Sara Golemon wrote:
> Ditto Richard's comments about false-implications of security, but I'd
> also like to add that *IF* folks decide on the whole that this is
> worth adding, it should be done more generically than a setting for
> md5 and a setting for sha1.
I appreciate your suggestion.
> If someone (for some reason) has ext/hash disabled (it's
> enabled-by-default since 5.1.2), then they just won't get a hash.
Or, we could resort to ext/standard/{md5|sha1} to make these two hashes
always available, like the Session extension does. But this double
strategy would complicate the code in rfc1867.c and yield very marginal
gain.
If there's enough interest in this, I will rework the patch according to
Sara's hint.
Cheers,
David
--
David Santinoli
Tieffe Sistemi S.r.l. viale Piceno 21, Milano
www.tieffesistemi.com tel. +39 02 45490882
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
