On May 13, 2002 04:42 am, veins wrote: > > He has a point in the sense that it's trivially easy to starve a PHP > > based web server from within, safe mode enabled or not. What you > > describe as > > the > > > automated way in which the web server will overcome this attack is not > > realistic - pretty quickly, the web server would hit the maximum number > > of children allowed, or (if improperly configured) run out of memory. > > This is not PHP related. A web server improperly configured would run out > of memory under a heavy load or with a CGI script.
In a manner of speaking you are correct it is not a PHP issue. It is not the job of a scripting language to address security. You do not disable the fork() call in C because someone could use it to forkbomb a server. Any programming language can be used to cause server problems, it is up to the admin to use the webserver and the OS to create a secure enviroment where a user cannot use the programming language in a harmful manner. ilia -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
