On Fri Aug 09, 2002 at 02:1206AM +0200, Georg Richter wrote:
> With an external libmysql (and also with the integrated libmysql, which
> doesn't support disable load data), we have a "little" security hole,
> because in safe_mode it is possible to load (and view) all the data, which
> is under access of the webserver).
It should be obvious for everyone that PHP can't protect all external
libraries in safe mode.
> I would like to disable LOAD DATA LOCAL INFILE in safe mode. However this
> will generate a lot of trouble, since users without shell access aren't able
> to import data in their mysql-db.
-10^6 on this idea. People need to have the chance to import stuff
into their databases.
--
- Martin Martin Jansen
http://martinjansen.com/
--
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
