Gareth Ardron wrote:
Rasmus Lerdorf wrote:
TCP/IP Firewalls break all sorts of applications as well until either the application is modified to poke a hole in the firewall itself via upnp, or you reconfigure the firewall. This makes firewalls annoying, but they are necessary. This is exactly the same thing. It is a data firewall for PHP. You don't have to use it, but people want it and need it.
I would think the difficulty would be in informing people that functionality like this is only the start of good security.
Maybe a proper, official, howto on PHP security should be drawn up
The phpsec group started a project to do just that: http://www.phpsec.org/
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
