At 04:43 PM 7/28/2005, Ilia Alshanetsky wrote:
Zeev Suraski wrote:
3. Introduce allow_remote_streams (effectively allow_url_fopens renamed,
except it doesn't affect include/require)
If this option is disabled, would it simply prevent loading URLs via
various file based functions and a like (like allow_url_fopen now) or will
it also include other streams operations like fsockopen (and similar),
cURL, effectively disable sockets extensions, etc?
What I had in mind was disabling streams, very much in the same way we have
allow_url_fopens=0 today. We could try and go beyond that and have
allow_remote_connections which would attempt to disable everything - but I
fear it would quickly become another safe_mode.
In addition, it wouldn't be a bad practice for each extension to provide a
way to disable remote connections in its context, or a way to completely
turn it off (in case it doesn't make sense without remote connections),
like George suggested.
Zeev
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
