Myth: Safe mode makes a PHP installation safe.
I never said this.
webserver, not of a scripting language and therefore we shall not put hacks in extensions because libraries do not adhere to safe mode.
If there IS a possibility to make safe-mode a little bit more secure why don't do it? The fopen command of the libc doesn't check for safe-mode, so PHP is doing it. The curl library does not check for safe-mode but in this case you don't want PHP to do the check? Extension or not, the PHP curl functions are part of PHP, it's not an unsupported PECL extension.
> It's almost certain that one can never put all the necessary > checks in the extension anyway.
That's absolutely clear. That's why PHP has the ability to disable functions which can't be secured for safe-mode. But if this argument leads to sporadic securing of PHP functions (like "Why should I secure this function even if it's possible? safe-mode can't be secure anyway...") then safe-mode seems to make no sense at all.
-- Bye, K <http://www.ailis.de/~k/> (FidoNet: 2:240/2188.18) [A735 47EC D87B 1F15 C1E9 53D3 AA03 6173 A723 E391] (Finger [EMAIL PROTECTED] to get public key)
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
