On Fri 06/06/2003 at 03:59, Oden Eriksson wrote:
> > > +disable_functions = phpinfo
> > - anyone using phpinfo() and making it publicly accessible is insane

Amen ;-)

> > Of course, people dislike it when I introduce or suggest better security
> > measures, so I suspect the consensus from people will be to leave well
> > enough alone.

Amen ;-)

> I forgot to forward this to J-M, I think it's his call after all.

My opinion is we shouldn't be "more catholic than the pope".

As Dan Scott wrote,
"* disabling phpinfo() and dealing with people complaining that PHP doesn't work on Mandrake, because phpinfo() is a standard PHP function documented at php.net and within numerous books, tutorials, articles"

This is very important to me. If someone uses the phpinfo() command and it doesn't work, they'll think that Mandrake doesn't work, and this is bad for us.

If and when phpinfo is disabled by the PHP group, with a clean CVS commit, and with the benediction of Rasmus, I'll gladly conform and apply the changes to our packages.

In the meantime, I suggest we leave this function alone.

-- 
Jean-Michel Dault <[EMAIL PROTECTED]>
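
Review bot: as quoted, the hunk adds only the directive "disable_functions = phpinfo" with no comment beside it, so a user whose phpinfo() call stops working has nothing in the configuration file pointing to the cause. Suggest a comment line directly above the directive stating why phpinfo is disabled in the packaged default and that removing it from the list re-enables the function.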