At 8:55 PM -0400 17/4/02, Justin Farnsworth wrote:

>This is a rather meaningless thread.  It is a
>security issue that is displaced.

If PHP is not honoring the time limit and memory usage directives
when outputting headers, then this is a bug in PHP. If this allows
a DoS attack, then this is a very real security problem.

Local DoS attacks aren't as serious as remote DoS, local exploits
or remote exploits, but they are nevertheless a real security

One of the benefits of PHP is that it is widely deployed. Many ISPs
offer PHP access as a standard part of their web hosting package.

And if you think all customers of ISPs are trustworthy, you don't
know much about being an ISP :)

If these ISPs come to see PHP as a security threat and remove access
to PHP, it is only the PHP community which will suffer.


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to