Re: [PHP-DEV] PKCS#11 support
Hi Scott, Op 20-7-2010 0:28, Scott MacVicar schreef: It can be released on the PECL site but I doubt it would go in the default distribution. Why not including this in the default distribution? It would be great to have PKCS#11 support in the default PHP distribution! -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] In memory support for openssl_pkcs7_*
Op 16-7-2010 9:54, Pierre Joye schreef: Can you open a feature request for these changes/features please? So I won't lost track of them. http://bugs.php.net/bug.php?id=52356 -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] In memory support for openssl_pkcs7_*
Hi, The PHP functions openssl_pkcs7_(sign|encrypt|decrypt|verify) do require files to be executed. In many cases this will create the unintended requirement of temporary files. In compare with openssl_(sign|encrypt|decrypt|verify|...) which are doing almost the same thing this is a strange behavior. When we look at the purpose of openssl_pkcs7_* (working with digital signatures in mail), you would not expect to work with files instead of strings for this few data. Regards, Paul -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP mail() header patch for SafeMode
Daevel wrote: Hello, without any patch you can modify the sendmail_path parameter and add what you want no ? With mod_php I use this in my virtualhosts : php_admin_value sendmail_path /usr/sbin/sendmail -t -i -f [EMAIL PROTECTED] Yes, I have done this.. but now is the question where is the spamming script? An with CGI module, we already have the username. It should be enough to identify which member is involved ; no ? Yes, but not to identify which the script -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DEV] PHP mail() header patch for SafeMode
Hi All, I'm working for an hosting company, we have a lot of PHP users and see regularly that one of the scripts from our users is hacked. Result?, a lot of spam on the net, and a lot of work the find the spamming scripts on the servers. If you have a PHP script that sends mail, the recipient of the mail message will only see which server it was sent from. There will normally be no record of who originated the message, or which script on the server actually caused it to be sent. This can make it difficult to trace misuse, even if you have comprehensive mail and webserver logs. I think it should be usefull to add the PHP mail() header patch from Steve Bennett in safemode by default. The header could be in the form: X-PHP-Script: servernamephp-self for remote-addr For example: X-PHP-Script: www.example.com/~user/testapp/send-mail.php for 10.0.0.1 The patch can be found at: http://www.lancs.ac.uk/~steveb/patches/php-mail-header-patch/ Best Regards, Paul van Brouwershaven -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP mail() header patch for SafeMode
Lukas Kahwe Smith wrote: Are you aware of the following: http://ilia.ws/archives/149-mail-logging-for-PHP.html The idea is the same, but why is this not in the core? -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DEV] PHP mail() header patch for SafeMode
Hi Lars Markus, Lars Strojny wrote: As safemode is going to be (finally!) removed in PHP 6, I would propose not to make this dependent on safe-mode. I would rather allow this feature to be enabled separetely in the php.ini. Something like mail.extra_log_header (not the perfect name, I know) would work. [...] Enabling it from the php.ini would also be a good option, the main point is to get some help with tracking the spam source in a shared hosted environment. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
