At 8:55 PM -0400 17/4/02, Justin Farnsworth wrote: >This is a rather meaningless thread. It is a >security issue that is displaced.
If PHP is not honoring the time limit and memory usage directives when outputting headers, then this is a bug in PHP. If this allows a DoS attack, then this is a very real security problem. Local DoS attacks aren't as serious as remote DoS, local exploits or remote exploits, but they are nevertheless a real security concern. One of the benefits of PHP is that it is widely deployed. Many ISPs offer PHP access as a standard part of their web hosting package. And if you think all customers of ISPs are trustworthy, you don't know much about being an ISP :) If these ISPs come to see PHP as a security threat and remove access to PHP, it is only the PHP community which will suffer. ...Richard. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php