From: [EMAIL PROTECTED] Operating system: Any PHP version: 4.0.5 PHP Bug Type: PHP options/info functions Bug description: open_basedir/include_path security improvement As for now, when in safe mode include_path will not work correctly unless all included paths are also in open_basedir, so there is no way to stop users to read files from include_path. It will be useful to restrict include_path to only include and require just by not including those paths also in open_basedir. This will also require some configuration options to avoid defining include_path in .htaccess files and the use of include_path in fopen functions. This way you could store critical information (like db passwords) in included files allowing users to use functions defined in that files but without allowing them to read the real code. -- Edit Bug report at: http://bugs.php.net/?id=11549&edit=1 -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
