1 |
On Sun, 22 Apr 2012 07:26:19 -0400 |
2 |
Anthony G. Basile wrote: |
3 |
|
4 |
> 3) I agree that hardened should be mostly off by default. Eg. ipv6 is |
5 |
> off by default. But as pressure mounts the switch to on by default may |
6 |
> have to occur as it has now with unicode and will happen some day with ipv6. |
7 |
|
8 |
Good stuff. |
9 |
|
10 |
There was a nasty input sanitisation avoiding bug in PHP that only |
11 |
affected linux boxes with unicode enabled terminals. Maybe these bug |
12 |
types have something to do with it. |
13 |
|
14 |
I'd be in two minds, personally I can't remember using unicode on a |
15 |
terminal and you could use base64 as a workaround. Many many will use it |
16 |
though, so the default should be enabled. |