On Fri, 29 Oct 2004, Klaus Reimer wrote: > Safe-mode is a feature of PHP so PHP should make sure that this feature > is working with all functions included in PHP if it's possible to secure > the function (otherwise the user must disable it). And there is already > a patch to do it, so it seems to be possible to secure the curl functions.
Myth: Safe mode makes a PHP installation safe. Wrong! It might make it a bit safer, but there is always a possibility to work around it. Privilege seperation should be a function of a webserver, not of a scripting language and therefore we shall not put hacks in extensions because libraries do not adhere to safe mode. It's almost certain that one can never put all the necessary checks in the extension anyway. Derick -- Derick Rethans http://derickrethans.nl | http://ez.no | http://xdebug.org -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
