But it is still another hurdle ;) Remeber, security is the art of moving as many hurdles in the way as possible. Hopefully the attacker is exhausted before he reaches the last one. And, yes, I agree it is good to be always reminded that some of the hurdles are small ;)
Rainer > -----Original Message----- > From: Florian Weimer [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 20, 2003 11:07 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: AW: [Full-Disclosure] securing php > > > [EMAIL PROTECTED] writes: > > > You an enable PHP's "Safe Mode", which goes a long way to > > closing these holes, but it's not a 100% solution. > > PHP uses many libraries which were not designed to cope with malicious > input from the application. That's why PHP Safe Mode is unsafe *by* > *design*. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
