[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3
Ingo Renner
ingo at typo3.org
Mon Oct 13 19:33:26 CEST 2008
Xavier Perseguers wrote:
> No. Taking care of proper configuration would force me to allow read of
> /dev/urandom which you cannot force, this is why Dmitry added tests to
> use /dev/random instead or the built-in PNRG. If you leave this without
> the @ sign (which BTW is already present in many part of the core), then
> you force me (or any other administrator) to modify the source code
> before being able to use it as I won't allow access to /dev/urandom to
> my customers. It removes entropy on my server and could be used as part
> of an attack if my server is not able to regain entropy quickly enough
again, you're mixing things up, you get that error because you're not in
a standard environment, a default PHP environment will not throw errors,
and even yours shouldn't according to the function's documentation...
> This is a warning, not an error message and warning should be suppressed
> in proper coding, this is why I submitted this patch to Dmitry which
> agreed.
A warning also has a reason, it also tells you that something isn't
right... do not surpress errors (except for live environments)
Ingo
--
Ingo Renner
TYPO3 Core Developer, Release Manager TYPO3 4.2
More information about the TYPO3-team-core
mailing list