[nycphp-talk] april fools in php?
Daniel Convissor
danielc at analysisandsolutions.com
Fri Apr 1 15:29:14 EST 2005
Hi:
> no.
I didn't think you were. That's unfortunate.
Having an easter egg inside the phpinfo() function has nothing to do with
security. First, phpinfo() is a function which is intended for use by
developers, not live websites. Second, this easter egg has been in there
since the end of April 2000*, so this is no surprise. Third, you can go
through the entire source tree of PHP to hunt for other easter eggs that
could be actually dangerous, if you want. Fourth, any programming
language can have easter eggs in them. Fifth, the fact that all commits
are seen by a large number of people eliminiates the possibility of
dangerous easter eggs ever reaching the public.
Anyone thinking PHP's phpinfo() easter egg points to a lapse in security
or feels it "lowers PHP's public perception" clearly lacks a sense of
humor and an accurate perspective.
--Dan
*
http://cvs.php.net/diff.php/php-src/ext/standard/info.c?r1=1.84&r2=1.85&ty=u
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
More information about the talk
mailing list