One reason it isn't turned on by default is just because it's still too experimental.
Another is that it incurs some runtime overhead, I suspect. That's not necessarily solved by a runtime option since that in itself would give overhead. To begin with it'd be good to see some measurements on this. Perhaps the overhead is so small that it isn't an issue.
/ Martin Stjernholm, Roxen IS
Previous text:
2003-04-05 21:17: Subject: Re: sTeam DoS vulnerability (still is: Do we have a floatingpoint bug?)
much worse! --with-security is a compiler option right?
that means that no installed pike out there will support it. which means we can not rely on it's existance (never mind it being tested)
it is a bit to much to ask our users to recompile pike for sTeam. we need to be able to use standard pike installations.
if you want to give this security system any chance of being tested and used, it needs to be enabled by default and at least available as a runtime option.
greetings, martin.
/ Brevbäraren