On Sat, Aug 4, 2012 at 11:03 PM, Nikita Popov <nikita....@gmail.com> wrote:
> On Sat, Aug 4, 2012 at 9:57 PM, Yahav Gindi Bar <g.b.ya...@gmail.com> > wrote: > > We had dl() until it was deprecated, and even when we got it I guess that > > administrators disabled the dl() method because of security reasons. > > However, PECL got limited extensions which, as long as I know, does not > put > > the server into security risks (maybe I've said something VERY STUPID > right > > now, so excuse me...) > > PECL extensions are C code. "C code" is programmer slang for "security > risk". > > I mean, seriously, extension code can be pretty much everything. > Allowing people to load extensions from userland would go beyond > fatal. > > Nikita > Because of that I wondered if it's stupid or not... I understand the reason to disable the ability to install extensions generally, but doesn't the extensions in PECL got filtered before adding them to the PECL library? My main idea is to allow only installation of extensions available in PECL (just a wrapper to the "pecl" tool, because shared hosting users cannot access it...)
