At 08:15 AM 2/5/2002, Rasmus Lerdorf wrote: >The fact that 3rd party libs can load arbitrary files is not a new >concept. Every time I give a moderately detailed PHP talk I mention the >fact that there is a way to load a file through the oci8 libs. Of course >it can be done through the mysql libs as well. This is not a new concept. >All someone woulod have had to do to learn of this "vulnerability" would >have been to go to any of the PHP talks I have given in the past 3 years.
Which means that about a one out of every 10,000 PHP users are aware of it? :) Seriously though, it should probably be noted some prominent place that safe mode isn't safe, at best, it's safer. Zeev -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
