> > If this allows a DoS attack, then this is a very real security problem.
> Why should it?  Even if there is a verifiable bug allowing time/memory 
> limits to be exceeded when header() goes into an infinite loop, how could 
> someone exploit this from the outside?  If a scripter is letting any
> web visitor put their script into an infinite loop, then the results are
> *least* as much the scripter's fault as PHP's.  [snip]
> As far as I can tell, the only security problem here is the usual one: 
> figuring out who is clueful enough and responsible enough to be trusted 
> with access to operations which can compromise the server.

A coder could do a lot more damage to a server, than a DoS, if they had
access the PHP. Oh! The fun I would have if I was malicious (but I'm not
BTW). There's more at stake than a simple DoS if someone can upload a PHP
script to a server.

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to