
List:       php-internals
Subject:    Re: [PHP-DEV] Re: Errors, Exceptions et al
From:       "Richard Lynch" <ceo () l-i-e ! com>
Date:       2009-12-31 4:21:35
Message-ID: 1526.98.193.1262233295.squirrel () www ! l-i-e ! com

On Wed, December 30, 2009 12:25 pm, Hans-Peter Oeri wrote:
> Hi!
>
> Rasmus Lerdorf wrote:
>
>> Yeah, good luck with that.  We have been imploring people for 10 years
>> to not have display_errors on in production with very little success.
>
> I agree but am convinced at least part of that problem lies in the
> default php.ini, which - up to 5.2 - defaulted to display_errors=on!
> The average user - not configuring anything - got that default and
> probably got angry about production systems yelling secrets...

The problem is the average user got that and was happy with it, even
in production...

:-(

Keep in mind that PHP is *SO* easy that even a drummer can figure out
how to write a working script, no matter how bad the code is.

And then they toss it up on some server and have no problems for eons,
despite all the vulnerabilities, as they have no traffic to speak of.

Next thing you know, there are millions of sites like this, and
changing the default doesn't help.

People have customized php.ini and don't replace it if they can avoid
it, leaving the pre-5.2.x default in place forevermore.

-- 
Some people ask for gifts here.
I just want you to buy an Indie CD for yourself:
http://cdbaby.com/search/from/lynch


