On 15-Dec-06, at 9:32 PM, Stanislav Malyshev wrote:

It is not just the phpinfo() servers, it is very much a common case, I assure you.

Well, people leaving such things in their servers should deal with it first, then get to talk about real security :)

You seem to be ignoring the argument and clinging to a false assumption that only people with open phpinfo()s have disable_errors enabled. I guarantee you that is not the case for the most part.

No solution can help a person who deliberately configures his server wide open.

Accidentally leaving phpinfo() is wide open? I suppose if I were to demonstrate a vulnerability on zend.com it would imply Zend does not care about security?

We are talking about people that _try_ to do it securely and we may help them.

You're not helping them, just making assumptions about how their code should work and making them adhere to them.


Ilia Alshanetsky

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
