As you may know safe_mode,miracle_quotes .... etc , is going to be canceled in PHP6
What are the options for them ? to boost the safety level ...
I believe the purpose of getting rid of these functions would be that the PHP team of developers appreciates that applying security measuresOrsystems within the application stack isn't a cure all for acquiring Web programs.
There should not be direct code/configuration substitutes of these features in PHP. Rather:
- application designers ought to be more explicit about things like reading through in values from demands and also the atmosphere AND validating and getting away values, rather than letting features like
magic_quotesachieve this indiscriminantly.
- system engineers and system designers should think about permissions for those filesystem assets needed by a credit card applicatoin instead of getting
safe_modelimit the accessiblity and effectiveness of built-in functions.
I am sure someone will attempt to learn how to re-create these functions, and you will see a great deal recently adopters that decide to remain on earlier versions of PHP rather than addressing security directly. But when you're really worried about security, don't search for cutting corners.