Hi,

On Thu, 24 Nov 2005 16:23:05 -0800
Andi Gutmans <[EMAIL PROTECTED]> wrote:

> Yep, completely right. We came to the conclusion a long time ago that 
> safe_mode isn't safe, and keeping it around is just going to continue 
> giving people a false sense of security (and PHP a bad name).

I don't think anybody disagrees about this. I'm just curious about
documenting some recommendations.

I believe the problem about safe_mode is the name and the "magic" it
applies. "enable_dl" enables or disables dl(). "upload_tmp_dir"
specifies the tmp dir. "open_basedir" sets basedir restriction. All
these settings are clear about their purposes and impact. But "safe_mode"
does... something not obviously clear.

If (and only if) the approach of disabling exec functions is recommended,
one could have a setting for this. "disable_exec_functions" might be a
setting that is clear about its purpose and impact.

-- 
- Peter Brodersen

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
