IMHO the described feature is not a bug.
Most probably this 'bug' is a special hole just in case.

Valentin Petruchek (aki Zliy Pes)
*** Cut the beginning ***
http://zliypes.com.ua
mailto:[EMAIL PROTECTED]
----- Original Message -----
From: "Lars Torben Wilson" <[EMAIL PROTECTED]>
To: "Jerry Verhoef (UGBI)" <[EMAIL PROTECTED]>
Cc: "PHP General Mailinglist" <[EMAIL PROTECTED]>
Sent: Tuesday, February 12, 2002 12:20 PM
Subject: RE: [PHP] ODBC_EXECUTE has a DANGEROUS 'feature'!!!


> On Mon, 2002-02-11 at 06:46, Jerry Verhoef (UGBI) wrote:
> > I think you all are missing the point that *R&zE is making.
> >
> > The software you use/create should be bug-free and free from undocumented
> > features. Otherwise security risks could occur. And of course all other
>
> In a perfect world, yes. However, no software is ever bug-free, and when
> software is constantly evolving, it will always have features which are
> not documented, bugs which are not listed, and so on. That's reality,
> and it's reality for every software project out there. Otherwise we'd
> just release v1.0 and be done with it. :)
>
> Anyone is welcome to apply for a cvs account and help out, of course.
>
> > safe-guard (like checking input, correct rights on the FileSystem)
> > should be placed too.
> >
> > It is bugs like these that create life for Hackers and viruses (like
> > nimda). Of course you can say that is the user's own fault. But it is
> > the developer's duty to inform and advise users, and not to look the
> > other way in the hope that it goes away.
> >
> > Jerry
>
> I don't recall saying that this shouldn't be documented.
>
>
> --
>  Torben Wilson <[EMAIL PROTECTED]>
>  http://www.thebuttlesschaps.com
>  http://www.hybrid17.com
>  http://www.inflatableeye.com
>  +1.604.709.0506
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>


