Re: Session: deprecating create_sid() method and add createSid()?

From:	Andrey Andreev	Date:	Mon, 17 Mar 2014 21:59:51 +0000
Subject:	Re: Session: deprecating create_sid() method and add createSid()?
References:	1 2 3 4 5	Groups:	php.internals
Request:	Send a blank email to [email protected] to get a copy of this message

Hi,

On Mon, Mar 17, 2014 at 11:15 PM, Pierre Joye <[email protected]> wrote:
> hi,
>
> On Mon, Mar 17, 2014 at 10:09 PM, Yasuo Ohgaki <[email protected]> wrote:
>
> For one, I appreciate the effort that both of you put on the session management.
>
> It seems that you are somehow alone to discuss this issue and slightly
> in circle right now.
>
> I would suggest two steps:
>
> - sit down together for a chat and get your stuff together. It will by
> far more efficient than mails
>
> - write one or more RFCs to fix what should be fixed, how and why (see
> next point :)
>
> - provide more info about the actual critical security impact that
> could be fixed by the changes
>   as of now, I failed to see any CVE related to what you are referring to

We'll surely do that.
In fact, I was just about to write Yasuo a private mail about some
security issues, because I didn't find an option to report a bug and
make it hidden. Is there such an option, or does the CVE assignment
process allow that? (I'm not familiar with it)

Cheers,
Andrey.


   

Thread (39 messages)

• Yasuo OhgakiMon, 17 Mar 2014 09:00:01 +0000
  • Yasuo OhgakiMon, 17 Mar 2014 21:35:22 +0000Re: Session: deprecating create_sid() method and add createSid()?
    • Andrey AndreevMon, 17 Mar 2014 21:44:58 +0000Re: Re: Session: deprecating create_sid() method and add createSid()?
      • Yasuo OhgakiMon, 17 Mar 2014 21:55:31 +0000
    • Stas MalyshevMon, 17 Mar 2014 22:49:06 +0000Re: Re: Session: deprecating create_sid() method and add createSid()?
      • Yasuo OhgakiTue, 18 Mar 2014 00:24:09 +0000
        • Stas MalyshevTue, 18 Mar 2014 07:44:07 +0000
          • Andrey AndreevTue, 18 Mar 2014 10:41:43 +0000
          • LeighTue, 18 Mar 2014 11:17:14 +0000
            • Rouven WeßlingTue, 18 Mar 2014 11:28:24 +0000
              • Andrey AndreevTue, 18 Mar 2014 15:55:27 +0000
          • Yasuo OhgakiWed, 19 Mar 2014 00:08:58 +0000
            • Andrey AndreevWed, 19 Mar 2014 00:20:32 +0000
              • Yasuo OhgakiWed, 19 Mar 2014 01:22:57 +0000
                • Andrey AndreevWed, 19 Mar 2014 01:26:47 +0000
                  • Yasuo OhgakiWed, 19 Mar 2014 01:49:35 +0000
                    • Andrey AndreevWed, 19 Mar 2014 01:55:12 +0000
                      • Yasuo OhgakiWed, 19 Mar 2014 02:15:50 +0000
            • Rajneesh ShettyMon, 24 Mar 2014 15:07:29 +0000RE: [PHP-DEV] Re: Session: deprecating create_sid() method and add createSid()?
              • Yasuo OhgakiTue, 01 Apr 2014 01:28:59 +0000Re: Re: Session: deprecating create_sid() method and add createSid()?
• Andrey AndreevMon, 17 Mar 2014 10:23:58 +0000Re: Session: deprecating create_sid() method and add createSid()?
  • Yasuo OhgakiMon, 17 Mar 2014 10:51:07 +0000
    • Yasuo OhgakiMon, 17 Mar 2014 11:01:28 +0000
    • Andrey AndreevMon, 17 Mar 2014 11:10:05 +0000
      • Yasuo OhgakiMon, 17 Mar 2014 21:09:10 +0000
        • Pierre JoyeMon, 17 Mar 2014 21:15:01 +0000
          • Yasuo OhgakiMon, 17 Mar 2014 21:24:12 +0000
            • Pierre JoyeMon, 17 Mar 2014 21:26:34 +0000
              • Yasuo OhgakiMon, 17 Mar 2014 21:30:42 +0000
          • Andrey AndreevMon, 17 Mar 2014 21:59:51 +0000
            • Yasuo OhgakiMon, 17 Mar 2014 22:07:08 +0000
              • Andrey AndreevMon, 17 Mar 2014 22:20:48 +0000
                • Yasuo OhgakiMon, 17 Mar 2014 22:40:00 +0000
        • Andrey AndreevMon, 17 Mar 2014 21:56:13 +0000
  • LeighMon, 17 Mar 2014 13:22:42 +0000
    • Andrey AndreevMon, 17 Mar 2014 13:57:17 +0000
      • Chris WrightMon, 17 Mar 2014 14:11:45 +0000
        • Andrey AndreevMon, 17 Mar 2014 15:07:49 +0000
    • Yasuo OhgakiMon, 17 Mar 2014 21:16:29 +0000