Hi,

And why does Debian still use the PHP module version by default?
By using the fcgi version, each application can have its own php.ini.

Furthermore, it's a different problem, but this will also allow use of a specific unix account for each app.
In the current Debian php.ini we can find this about safe_mode:
> NOTE: this is considered a "broken" security measure. Applications relying on this feature will not receive full support by the security team. For more information please see /usr/share/doc/php5-common/README.Debian.security

I agree with that, but there is no security at all on a default Debian install: any PHP application can read the configuration (DB passwords, encryption keys, etc.) of other PHP applications.

As a Debian user, I always modify the default behaviour to have phpmyadmin running under the "phpmyadmin" account and using my /etc/phpmyadmin/php.ini file. Same problem with roundcube too, and other apps.

So, maybe Debian should change its way of deploying PHP apps, to allow better security and per-app config files, no?

In any case, I really, really don't want PHP to throw an E_DEPRECATED on apps using short_open_tag.

Olivier

Derick Rethans wrote:
> On Tue, 12 Jan 2010, Raphael Geissert wrote:
>
>> As mentioned on my other post, at Debian we are planning to include 5.3 in Squeeze. Given that the development and production php.ini files both turn short_open_tag by default but many applications shipped by Debian itself still require it to be enabled, we have decided to _enable_ it again on the .ini files.
>
> Would it be possible to force short_open_tag to a specific value for those applications alone? Perhaps through an .htaccess file? That way, Debian keeps the "PHP default" but still allows those apps to work.
>
>> However, we would like to contribute in the quest to make applications stop using short_open_tag. To do so, we have decided to throw an E_DEPRECATED warning when an application makes use of short_open_tag. The current implementation can be found at [1].
>>
>> How does this sound?
>
> Like Rasmus said, we've no intention of deprecating it. It's just that apps requiring short open tags are not really portable (because they don't work when short_open_tag is set to 0).
>
> with kind regards,
> Derick


--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php