[php-maint] Fwd: Bug#521198: php5-suhosin nulls mysql update parameters and allows update to continue

Jan Wagner waja at cyconet.org
Tue Apr 7 17:48:38 UTC 2009


Hey guys,

any idea how to respond to this "bug report"?

I personally think:

1. if anybody installs a PHP security module, the documentation should be 
read
2. if the documentation was read, the users are able to set appropriate 
settings
3. if anybody doesn't want suhosin to act and wants to use the simulation mode, 
this should be done via an ini setting

I agree that we haven't included any documentation, which is caused by 
missing documentation in the upstream tarball, and upstream provides the docs 
online.

Guessing from the bug report, I think the cause of the "data loss" was that 
suhosin blocked the execution of the script because the values are too 
much/large, which can be adjusted via ini settings. Not checking whether the 
values have reasonable content is not a problem of suhosin, but of the 
application. There are many other scenarios (unrelated to suhosin) which can 
cause empty values.

Thanks and with kind regards, Jan.
-- 
Never write mail to <waja at spamfalle.info>, you have been warned!
-------------- next part --------------
An embedded message was scrubbed...
From: David <david_debianbugreport at pureflight.ca>
Subject: Bug#521198: php5-suhosin nulls mysql update parameters and allows update to continue
Date: Wed, 25 Mar 2009 10:17:44 -0700
Size: 6191
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20090407/cc4e8002/attachment.eml>