On 04/08/12 21:03, Nikita Popov wrote:
On Sat, Aug 4, 2012 at 9:57 PM, Yahav Gindi Bar <g.b.ya...@gmail.com> wrote:
We had dl() until it was deprecated, and even when we got it I guess that
administrators disabled the dl() method because of security reasons.
However, PECL got limited extensions which, as long as I know, does not put
the server into security risks (maybe I've said something VERY STUPID right
now, so excuse me...)
PECL extensions are C code. "C code" is programmer slang for "security risk".
I mean, seriously, extension code can be pretty much everything.
Allowing people to load extensions from userland would go beyond
fatal.
Nikita
Aren't shared hosting servers pretty well secured, though? If each site
is under a different userid, surely it can't do much damage?
--
Andrew Faulds
http://ajf.me/
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
