At 17:52 15/10/2002, Dan Hardiker wrote:
>I am still +1 on somehow getting away from short_open_tag support, if
>nothing else, to encourage better coding practices (just as we did with
>turning register_globals off by default).

Except unless you mix PHP and XML, this change is meaningless, and it is 
never a security issue.  The comparison with the register_globals issue is 
completely bogus IMHO.

I don't think you use reasonable logic in your analysis.  For instance, the 
fact that many servers have short_open_tag turned off and for them, 
changing the default won't pose a security risk...  So what?  That's no way 
to look at things, really.  You have to look at those who DO have it turned 
on (which happen to be the vast majority of installations).  You could 
argue that there was no point changing the register_globals default, since 
some sites have it turned off already.  Does this make sense to you?  I 
sure hope not :)

Regardless of the security risk (which is quite grave), there's no real 
benefit to changing the default, and plenty of drawbacks.  Nay nay nay.

Zeev


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
