On 07.06.2011 14:44, David Muir wrote:
> On 07/06/11 18:40, Reindl Harald wrote:
>> there is a reason for example to disallow many functions
>> on a webserver - so every API has to make sure they
>> can not be bypassed
>>
>> "because we can" is no valid reason for everything because
>> we can install binary extension as they exist now and
>> if you can not you are missing the permissions for some
>> good reasons
>>
>
> So you're saying that PECL, PNI or FFI should be actively
> discouraged because of security concerns?

WHERE did I say this? PECL-Extensions can NOT be enabled by the user

> What exactly are the security issues?
>
> I'm really trying to figure out where you're coming from

look in the php-changelogs how often "open_base_dir" was bypassed
in the past and think about a low-level API for writing extensions
installed by a user - after that think about how many idiots
out there are driving servers into a security-hell only with PHP and
what the impact will be if you give them a low-level API