Martin Scotta
On Tue, Jun 7, 2011 at 10:36 AM, Ferenc Kovacs <i...@tyrael.hu> wrote:

> On Tue, Jun 7, 2011 at 3:10 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
>
> > On 07.06.2011 15:08, Ferenc Kovacs wrote:
> > > On Tue, Jun 7, 2011 at 3:04 PM, Reindl Harald <h.rei...@thelounge.net> wrote:
> > >
> > >> On 07.06.2011 14:44, David Muir wrote:
> > >>> On 07/06/11 18:40, Reindl Harald wrote:
> > >>>> there is a reason for example to disallow many functions
> > >>>> on a webserver - so every API has to make sure they
> > >>>> can not be bypassed
> > >>>>
> > >>>> "because we can" is no valid reason for everything because
> > >>>> we can install binary extension as they exist now and
> > >>>> if you can not you are missing the permissions for some
> > >>>> good reasons
> > >>>>
> > >>>
> > >>> So you're saying that PECL, PNI or FFI should be actively
> > >>> discouraged because of security concerns?
> > >>
> > >> WHERE i said this?
> > >> PECL-Extensions can NOT be enabled by the user
> > >>
> > > except if dl is enabled of course.
> >
> > i think nobody out there will enable this and hope such
> > crazy things are not enabled by default!
> >
> sadly there are many crazy people out there:
>
> http://www.google.hu/#sclient=psy&hl=hu&source=hp&q=intitle:phpinfo()+enable_dl&aq=f&aqi=&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=580ca0074daf5780&biw=1280&bih=939
>

Most admins are not even aware of this, others really don't care -- how many hosts are up to date?
So why rely on them?

> Tyrael
>