On March 19, 2004 05:23 pm, Rasmus Lerdorf wrote: > I suppose it could, but it doesn't. Have you tried it?
I've tried on a small scale. > But people still like the efficiency and convenience of a runtime > open_basedir check. It gets you 90% of the way there and it doesn't cost > you that much. Until there is a realworld alternative for folks, and no, > nothing mentioned so far are realistic alternatives, I just don't see this > demand going away. I am not suggesting we remove open_basedir or safe_mode although I still maintain they are horrible kludges implemented in the wrong place as it is not the job of scripting language to implement file system security. Adding further hacks, prevents the development of real solutions to the problem rather then hacks trivially bypassed. These open_basedir/safe_mode will not prevent the use of CGI (supported by most IPS) to bypass these limits, INI leaks can be used to bypass those 'security' measures as well, etc... Ultimately the choice to use easy to implement hacks creates a false a sense of security, which ultimately leads to compromised servers. Regardless of who is right or wrong at this point PHP 4 is feature locked and so is PHP 5. Ilia -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
