i know i probably shouldn't be posting this in here, but i'm not sure where else to do so. so please forgive me if this is the wrong place.
basically in PHP 5 is there going to be a php.ini directive to control uploads? so for instance an ISP can restrict uploading of certain files, or only allow others. This would obviously help greatly in protecting against upload compromises, and also against any other kind of upload attacks (DoS). I'm also wondering if there's a way to get uploading executables turned off on a default install. it seems that there is a lot of new users, or just users wanting to get started quickly that over look the upload issues. I see it quite a lot in both the PHP lists, and the security focus lists. PHP has recently gotten a bad name for itself with this type of compromise and it's an all too common problem that despite the warnings, still crops up regularly. making a change like this could help to not only improve security, but also the bad publicity that PHP has recieved over this. anyway, my 2 cents, sorry again if this is in the wrong place... -skate-
