Edit report at http://bugs.php.net/bug.php?id=11549&edit=1
ID: 11549 Updated by: j...@php.net Reported by: david at ols dot es Summary: open_basedir/include_path security improvement -Status: Open +Status: Closed Type: Feature/Change Request -Package: Feature/Change Request +Package: *General Issues Operating System: Any PHP Version: 4.0.5 -Assigned To: +Assigned To: jani Block user comment: N Private report: N New Comment: All of described is implemented in some ways, if you still think it's not, please give proper example of what you want to achieve. Previous Comments: ------------------------------------------------------------------------ [2001-06-19 03:35:02] david at ols dot es As for now, when in safe mode include_path will not work correctly unless all included paths are also in open_basedir, so there is no way to stop users to read files from include_path. It will be useful to restrict include_path to only include and require just by not including those paths also in open_basedir. This will also require some configuration options to avoid defining include_path in .htaccess files and the use of include_path in fopen functions. This way you could store critical information (like db passwords) in included files allowing users to use functions defined in that files but without allowing them to read the real code. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=11549&edit=1
