On May 13, 2002 04:42 am, veins wrote:
> > He has a point in the sense that it's trivially easy to starve a PHP
> > based web server from within, safe mode enabled or not.  What you
> > describe as
>
> the
>
> > automated way in which the web server will overcome this attack is not
> > realistic - pretty quickly, the web server would hit the maximum number
> > of children allowed, or (if improperly configured) run out of memory.
>
> This is not PHP related. A web server improperly configured would run out
> of memory under a heavy load or with a CGI script.

In a manner of speaking you are correct it is not a PHP issue. It is not the 
job of a scripting language to address security. You do not disable the 
fork() call in C because someone could use it to forkbomb a server. Any 
programming language can be used to cause server problems, it is up to the 
admin to use the webserver and the OS to create a secure enviroment where a 
user cannot use the programming language in a harmful manner.

ilia

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to