If you don't trust your users to execute external commands, which is
perfectly valid concern, PHP provides you with a way (disable_functions)
INI setting to restrict the functionality.
Ilia
Peter Brodersen wrote:
On Sat, 25 Mar 2006 12:14:52 -0500, in php.internals [EMAIL PROTECTED]
(Ilia Alshanetsky) wrote:
Plus is you leave the file writable, what's to say you couldn't do:
shell_exec("cp foo /lib/file/inc.php") ?
The possible exec restriction salvaged from safe_mode mentioned in
<[EMAIL PROTECTED]> ?
This thread is mainly about a safety net for one's own code. But
regarding restricting users, open_basedir is IMO useless if not backed
up by some other methods (like restricting exec functions).
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
