On 09/04/12 21:17, Yasuo Ohgaki wrote:
> Please do not tell me that programmers should
> learn not to, since it's not a protection but education.
Hire a more competent programmer? If he writes such code,
he will be completely unaware of the subtleties of XSS, or how
SQL should be escaped, and his code is probably beyond
"protection". You're better served by rewriting it.


> If programmers/administrators could disable embed mode,
> then systems will be protected from vulnerable code.
How do you enforce that the application you need doesn't rely on it?

Note: 'education' is also forbidden as you restricted it in the
previous question. :-)


-- 
PHP Internals - PHP Runtime Development Mailing List