At 8:55 PM -0400 17/4/02, Justin Farnsworth wrote:
>This is a rather meaningless thread. It is a
>security issue that is displaced.
If PHP is not honoring the time limit and memory usage directives
when outputting headers, then this is a bug in PHP. If this allows
a DoS attack, then this is a very real security problem.
Local DoS attacks aren't as serious as remote DoS, local exploits
or remote exploits, but they are nevertheless a real security
One of the benefits of PHP is that it is widely deployed. Many ISPs
offer PHP access as a standard part of their web hosting package.
And if you think all customers of ISPs are trustworthy, you don't
know much about being an ISP :)
If these ISPs come to see PHP as a security threat and remove access
to PHP, it is only the PHP community which will suffer.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php