[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3

[Ingo Renner]

Xavier Perseguers wrote:

Hi Xavier,

>> why should we need the @ here?
>>  From the dscription at [1] I don't see why we should need them - 
>> especially as we require PHP5.2
>> Are you on 5.2, or at least 5.1.5?
> 
> I'm on 5.2.0 and the problem is that when you use a PHP with strict 
> security configuration (from the Hardened-PHP project), then you 
> typically set the open_basedir on a per virtual host basis. And if you 
> do not allow /dev/urandom to be read but have let warning messages on 
> (which you shouldn't of course on production), then is_readable call 
> fails with a warning which can easily be removed with the @ prefix

but as you said yourself, this is not a standard environment, thus I say 
we should leave out the @ as it also has performance implications.

If you're using a non-standard environment it's your job to take care of 
proper configuration, and as also mentioned by yourself already error 
messages should be turned off in production environments.

I'd also say that it's good to have error messages when something goes 
wrong in general - they're obviously there for a reason (to tell you 
that, and maybe even what went wrong). There's really no sense in 
surpressing error messages.


Ingo

-- 
Ingo Renner
TYPO3 Core Developer, Release Manager TYPO3 4.2