Monday, November 18, 2002, 3:03:39 PM, John Coggeshall wrote:
> What are you doing giving users access to eval()??? That's an incredibly
> huge security risk allowing an arbitrary user to execute code of their
> choosing on your server... (I shiver to think if you actually had the
> PEAR Inline_C installed....).. Besides, as with all of the directives in
> this nature, a function or two could be created to get/set this
> directive as necessary from PHP code.

Selected users with the proper user permissions. What is the point of
developing a fine-grained user system and not using its power to control
the cool stuff? Personally I could live without the option as adding a
PHP file is usually faster for me than adding PHP code into a textarea
is, but I must admit the latter is quite handy when you just need a
small dynamic page and don't feel like adding more code to the core
script just to do it.

Also PEAR is a concept I haven't bothered much with yet as the installer
has been buggy at best and the code in there doesn't suit my needs. The
added level of complexity is unnecessary, and even unwanted if an
optimized solution is required. Maybe when it matures more and there is
a wider array of packages it will be worth the effort :)

> Valid, but I'd be careful being too judgemental... I've seen some pretty
> big web sites doing some pretty stupid things ... Putting untested code
> on them is sometimes the least of it.

So have I. I've also hired, worked with and eventually fired people who
didn't get the concept of testing before uploading. Ofcoz I don't test
when I update stuff on my own personal sites, but financially they don't
cost me anything if they are down all day ;)

-- 
Kjartan <[EMAIL PROTECTED]> (http://natrak.net/)
:: "There are two ways of constructing a software design: One
    way is to make it so simple that there are obviously no
    deficiencies, and the other way is to make it so complicated
    that there are no obvious deficiencies. The first method is
    far more difficult." - C.A.R. Hoare


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
