NYCPHP Meetup

[Gerald Timothy Quimpo]

On Sunday 15 December 2002 09:28 pm, Brian wrote:
> Your issues can be easily addressed by editing the php.ini file.

it's not so easy.  i run many different programs.  they have
different requirements in php.ini.  mostly i can deal since they
rarely conflict.  but i'd like to run the sites as securely as
possible.  that means disallowing per-directory php.inis,
register_globals=off and safe_mode.  and then stuff breaks.
clients want to run their own different programs.  and they
won't pay for their own box.  so we have to all have them
run on a common box.  what a mess.

even on my notebook, where i have total control, i can't
change php.ini settings willy nilly because while i can get the
current application to run, other applications will stop running
or would become insecure (not a problem on my notebook,
but a porting problem later if the code i write depends on those 
settings and my web server is set up to be more secure than my
notebook).

> ; You should do your best to write your scripts so that they do not require
> ; register_globals to be on;  

i wasn't posting about my scripts.  i already write my scripts for safe_mode
and the PHP 4.2.x default settings (with some stricter settings too, like,
uh, safe_mode).  i was asking about other scripts, lots of which can
be downloaded, and none of which (of the not so many, but n>5 i've tested 
so far) will run unmodified with the settings mentioned above.

is there even an understanding in the PHP world that there might be a
problem with the current situation and that a solution is needed?  either
that or perl will win.  as i noted, i've got bugzilla (royal pain that it is
to install notwithstanding) running.  and i have not got a single PHP
bugtracking system running correctly yet (mainly because of the
register_globals requirement, they were written for 3.x, 4.0.x etc).

> ##### JMD: This is set to On in Mandrake because a lot of existing
> scripts ; needs it to be on, and we don't want to break configuration.
> Turning ; it on is a Bad Thing (tm), but for the sake of compatibility and
> less ; technical support, we'll close our eyes ;-)
> register_globals = On

thanks for the info :).  i compile my own PHP on Mandrake, because
i need DBG to work, and i don't know how to get DBG to work with
Mandrake's PHP.  easier to just install my own PHP and apache
in /usr/local.

the info is useful though, for reference, and so i know to turn it off
on production sites.  thanks again.

> Just curious, what don't you like about Perl?  I started in Perl and find
> the two so similar that it was an easy transition.  Perl is a little more
> stringent in its requirements but that is not a bad thing IMHO.

there *is* a similarity, i agree. PHP was just easier for me since it
looks so much more like C.  i can't stand the line noise that some
perl looks like.  but that's just me.  i'm sure if i worked on perl enough 
i'd learn it pretty quickly and use it.  even the line noise i'd get used 
to eventually :).

tiger

-- 
Gerald Timothy Quimpo  tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph
Public Key: "gpg --keyserver pgp.mit.edu --recv-keys 672F4C78"
         Pobrecito mexico tan lejos de Dios y a la vez
		 tan cerca de los Estados Unidos
		                 Gen. Porfirio Diaz