Hi Zeev,

>-- Quoted from Zeev:
> The one main problem with safe_mode in general is that the idea is
> problematic by definition.  Security outside the OS level is prone to
> errors, and a false sense of security is much worse than knowing you're
> insecure.

I agree. I think this means that either:
- We shouldn't do very much on security
- We should make clear we are NOT providing complete security, but that we
only try to help the administrator by giving him some extra options.

> In my opinion, safe mode should only feature features which can have an
> infrastructure-level solution, and are not prone to errors.  There aren't
> too many of these.  The current safe mode implementation is extremely
> prone to errors because it tries to protect opened files, and the way it's built,
> it's bound to be missing checks in many places...

I know :(

Maybe we could make a document that describes what a module/extension should
do to be considered 'safe-mode compatible'. That way it would be easier for
the module author to check his code. I don't believe anyone is intentionally
writing 'insecure' code.


PHP Development Mailing List <http://www.php.net/>