-1

I agree with Henrik Bjorn, the file extension should represent the
content.
Please configure your editor differently; this can cause serious
security issues like you said with misconfigured web servers (of which
plenty exist).

On Apr 12, 5:19 pm, Lukas Kahwe Smith <[email protected]> wrote:
> Hi,
>
> So I am proposing a topic for the next meeting:
> https://github.com/symfony/symfony/pull/511
>
> The gist of the discussion is whether to add a ".cache" postfix, making it
> ".php.cache" for all generated PHP files.
> Currently we already apply this convention in the standard edition for the
> bootstrap files:
> https://github.com/symfony/symfony-standard/blob/master/bin/build_boo...
>
> The above pull expands this to also be used for all files generated in the 
> cache dir.
>
> Now I do not want to start a lengthy discussion on this list, because both 
> sides have already presented their arguments on the pull request. So please 
> if you reply keep it short and focused on what I might have incorrectly 
> represented or have missed.
>
> Summary:
> -------------
>
> The pros:
> - automatically hide the files in IDE indexes and CI tools
>
> The cons:
> - editors will not automatically syntax highlight these files
> - web servers will not interpret these files as PHP files in case of a 
> misconfigured document root
>
> Personal Comment:
> --------------------------
>
> I personally believe the cons do not outweigh the benefit.
> Adding ".php.cache" for syntax highlighting is a one time setting, 
> configuring to ignore the cache (and bootstrap) files is a per project task. 
> Furthermore, no end user will ever need to look in these files, let alone do 
> modifications. And even core developers will very rarely need to look in 
> these files. As for misconfigured document root, the config dir itself will 
> then also be wide open, so it's not an additional attack vector.
>
> regards,
> Lukas Kahwe Smith
> [email protected]

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com
