Alex,

On Sun, Jul 15, 2012 at 7:19 PM, Alex Aulbach <alex.aulb...@gmail.com> wrote:

> Ok. I think, I go too much off topic. Sorry.
>
> But I want to repeat
> - we never know in which context the program will run. And good
> security means, that it shouldn't care, in which context it runs.
>

Could you explain what you mean by context here? I'm not following...


> - everything, which can go wrong will go wrong (Murphy); if there is
> any chance to make it wrong, there will be someone, who makes it
> wrong. (and in this case they will point to PHP: "see, I have said it
> is insecure..." :) ).
> - in security context this means: The hashes will be stolen/we can
> login without password etc.
> - No documentation or any other thing can prevent that
>

You can not make something idiot proof. If you try, the universe will just
invent better idiots.

Instead, as long as the function works in a sane manner, and the
documentation reflects the edge-cases and concepts, I think it's fine.


> - So we need to do everything, which is possible to avoid it. The best
> thing would be, that we can guarantee, that it is not possible.
>

If that was the case, there would be no PHP or any other language for that
matter. You can't stop people from being stupid. What you can do however is
make the documentation and implementation so bloody easy to use that *I
didn't know* becomes the only sane excuse...


> - As positive side-effect we can have more possibilities in PHP :)
>
>
> More off topic:
> Let me explain that last sentence: I don't know exactly how this can be
> implemented, but I think every warning, error and so on could be an
> exception instead. Just an idea, but I think this can remove
> complexity, because - even if I think the current error-handling is
> quite well designed - it is a source of security-problems (and some
> other more or less ugly things). I think about a default
> exception-handling which can be overridden (like the error-handlers).
> Could be an interesting concept. :) And of course it's something which
> needs time.
>

The default exception handling can be overridden today:
http://us2.php.net/set_exception_handler

But I agree with your larger point. The only problem with it is that it
would take an engine wide shift to do. Which I think is out of scope for a
point release, and there's no reason (that I can see) to tie this
implementation to that shift. Let's implement this with the normal error
handling methods, and then handle it uniformly later...

Anthony
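As an added illustration of the two mechanisms discussed in this exchange (this is example code written for this page, not code from the thread or from PHP's own sources), the block below turns engine warnings and notices into exceptions with set_error_handler() and ErrorException, then installs an overridable default handler for uncaught exceptions with set_exception_handler(). It assumes a PHP 5.3 or later interpreter; the function name read_config and the non-existent path are constructed for the demo.

```php
<?php
// Added example, not code from the mailing-list thread.

// 1. Turn every reportable engine error/warning/notice into an exception so
//    it cannot be silently ignored (the "warnings as exceptions" idea above).
set_error_handler(function ($severity, $message, $file, $line) {
    // Honour the error_reporting() mask and the @ operator, as the engine does.
    if (!(error_reporting() & $severity)) {
        return false; // let PHP's normal handling take over
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// 2. Default handler for exceptions nobody caught. This is the "default
//    exception handling which can be overridden" that the thread refers to.
//    Log the detail server-side; show the user nothing that reveals paths,
//    queries or credential material.
set_exception_handler(function ($e) {
    error_log(sprintf('Uncaught %s: %s in %s:%d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    if (PHP_SAPI !== 'cli') {
        http_response_code(500);
    }
    echo "An internal error occurred.\n";
});

// 3. A call that would normally only emit E_WARNING and return false now
//    raises an exception the caller must deal with explicitly.
function read_config($path) {          // hypothetical helper for the demo
    try {
        return file_get_contents($path);
    } catch (ErrorException $e) {
        // Clear failure signal instead of "false plus a warning in the log".
        return null;
    }
}

var_dump(read_config('/path/that/does/not/exist.ini')); // NULL, no warning printed

// 4. Anything not caught locally ends up in the handler from step 2.
throw new RuntimeException('demo: unhandled failure');
```

Registering the handlers at the very start of the request is what makes the behaviour independent of the calling context: every later warning takes the same path whether the code runs under CLI, FPM or a test harness, and the uncaught-exception handler decides centrally what reaches the client versus the log.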
