On Tue, Jun 7, 2011 at 4:59 PM, Martin Scotta <martinsco...@gmail.com>wrote:
> > > Martin Scotta > > > On Tue, Jun 7, 2011 at 10:36 AM, Ferenc Kovacs <i...@tyrael.hu> wrote: > >> On Tue, Jun 7, 2011 at 3:10 PM, Reindl Harald <h.rei...@thelounge.net >> >wrote: >> >> > >> > >> > Am 07.06.2011 15:08, schrieb Ferenc Kovacs: >> > > On Tue, Jun 7, 2011 at 3:04 PM, Reindl Harald <h.rei...@thelounge.net >> > >wrote: >> > > >> > >> >> > >> >> > >> Am 07.06.2011 14:44, schrieb David Muir: >> > >>> On 07/06/11 18:40, Reindl Harald wrote: >> > >>>> there is a reason for example to disallow many functions >> > >>>> on a webserver - so every API has to make sure they >> > >>>> can not be bypassed >> > >>>> >> > >>>> "because we can" is no valid reason for everything because >> > >>>> we can install binary extension as they exist now and >> > >>>> if you can not you are missing the permissions for some >> > >>>> good reasons >> > >>>> >> > >>> >> > >>> So you're saying that PECL, PNI or FFI should should be actively >> > >>> discouraged because of security concerns? >> > >> >> > >> WHERE i said this? >> > >> PECL-Extensions can NOT be enabled by the user >> > >> >> > >> >> > > except if dl is enabled of course. >> > >> > i think nobody out there will enable this and hope such >> > crazy things are not enabled by default! >> > >> > >> sadly there are many crazy people out there: >> >> http://www.google.hu/#sclient=psy&hl=hu&source=hp&q=intitle:phpinfo()+enable_dl&aq=f&aqi=&aql=&oq=&pbx=1&bav=on.2,or.r_gc.r_pw.&fp=580ca0074daf5780&biw=1280&bih=939 >> >> > Most admins are not even aware of this, others really don't care -- how > many host are up to date? > So why relying on them? > > I didn't intended to use that to block your feature request. I've just show that there are people ran php installs with enable_dl = On personally I wouldn't mind if we would drop the support for the dl, but thats offtopic here. Tyrael
