Hi,

On Mon, 14 Feb 2005 01:56:41 +0100, in php.internals [EMAIL PROTECTED] (Peter Brodersen) wrote:

>http://basedir.ter.dk/globeater.php
>http://basedir.ter.dk/globeater.php?debug=1
>http://basedir.ter.dk/globeater.phps
>
>Is it really a-okay that a script in pure PHP under
>safe_mode-restriction, under open_basedir-restriction, using any
>native php configuration methods to prevent accessing directory
>information, with no access to shells, other languages or other means
>of retrieving information from the system still is able to retrieve
>file lists, that might contain session files, opening the possibility
>of session hijacking?

No worries at all? That actually worries me :-)

--
- Peter Brodersen

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php