> > If this allows a DoS attack, then this is a very real security problem.
> Why should it? Even if there is a verifiable bug allowing time/memory
> limits to be exceeded when header() goes into an infinite loop, how could
> someone exploit this from the outside? If a scripter is letting any
> web visitor put their script into an infinite loop, then the results are
> *least* as much the scripter's fault as PHP's. [snip]
> As far as I can tell, the only security problem here is the usual one:
> figuring out who is clueful enough and responsible enough to be trusted
> with access to operations which can compromise the server.
A coder could do a lot more damage to a server, than a DoS, if they had
access the PHP. Oh! The fun I would have if I was malicious (but I'm not
BTW). There's more at stake than a simple DoS if someone can upload a PHP
script to a server.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php