At 18:01 15/10/2002 +0200, Zeev Suraski wrote: >I don't think you use reasonable logic in your analysis. For instance, >the fact that many servers have short_open_tag turned off and for them, >changing the default won't pose a security risk... So what? That's no >way to look at things, really. You have to look at those who DO have it >turned on (which happen to be the vast majority of installations). You >could argue that there was no point changing the register_globals default, >since some sites have it turned off already. Does this make sense to >you? I sure hope not :)
agreed. Also, I've never seen short opening tags actively discouraged, which is why so many people started using them (myself included). If we have to alter allt he scripts from a security point of view, that's fine - but lets not alter it unless we have to. please. -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php