Hi! > If scenario (a) gives even a slight security advantage over scenario (b), > we should think very carefully before removing the feature.
There's definitely _some_ security advantage, defense is always in layers, and while open_basedir can not be made secure, it certainly can avert _some_ attacks and prevent _some_ bugs from becoming a security catastrophe. *Relying* on it is wrong, but using it while being fully aware it is just a partial protection that is only good for certain things but not others is IMO fine. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
