On Mon, February 11, 2008 9:59 am, Eric Butera wrote:
> On Feb 11, 2008 10:44 AM, Per Jessen <[EMAIL PROTECTED]> wrote:
>> Eric Butera wrote:
>>
>> >> I like it from a coding point of view  (it's neat and elegant), but I
>> >> don't think it achieves anything else than my initial suggestion of
>> >> using exec(gzip -c).
>> >>
>> >
>> > Except for that little thing where you shouldn't be using execs in
>> > public facing code.
>>
>> Why not?
>
> You should never use exec & friends when there is another way around
> the problem.  It is a security concern.

The only security concern I am aware of is if you pass in user
supplied data to the exec() arg...

And if you filter it properly, it is no more risky than anything else.

If you don't filter properly, then you're in trouble no matter what
external lib you are using...

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?
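
The following is an added example, not part of any message in this thread. It shows what "filter it properly" can look like for the exec(gzip -c) case discussed above, beside an in-process alternative using PHP's zlib functions. The function names, the directory layout and the choice of zlib as the "other way" are assumptions made for illustration.

```php
<?php
// Added illustration; function names and the directory layout are hypothetical.

// Map a user-supplied name to a real file inside $baseDir, or throw.
function resolve_in_dir(string $baseDir, string $userName): string
{
    // Allow-list: letters, digits, dot, dash, underscore only.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,128}\z/', $userName)) {
        throw new InvalidArgumentException('rejected file name');
    }
    $base = realpath($baseDir);
    // realpath() resolves ".." and symlinks; false means the file is missing.
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $userName);
    if ($base === false || $path === false || !is_file($path)
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new InvalidArgumentException('not a file in the base directory');
    }
    return $path;
}

// exec() variant: even a validated path is quoted before it reaches the shell.
function gzip_via_exec(string $path, string $dest): void
{
    // "--" ends option parsing, so a name starting with "-" is not a flag.
    $cmd = 'gzip -c -- ' . escapeshellarg($path) . ' > ' . escapeshellarg($dest);
    exec($cmd, $output, $status);
    if ($status !== 0) {
        throw new RuntimeException("gzip exited with status $status");
    }
}

// No-shell variant: the zlib extension does the same job in-process.
function gzip_via_zlib(string $path, string $dest): void
{
    $in = fopen($path, 'rb');
    $out = gzopen($dest, 'wb9');
    if ($in === false || $out === false) {
        throw new RuntimeException('cannot open input or output');
    }
    while (!feof($in)) {
        gzwrite($out, (string) fread($in, 65536));
    }
    fclose($in);
    gzclose($out);
}

// Constructed demo input: a temporary text file compressed without a shell.
file_put_contents(sys_get_temp_dir() . '/demo.txt', str_repeat("hello\n", 100));
gzip_via_zlib(resolve_in_dir(sys_get_temp_dir(), 'demo.txt'), sys_get_temp_dir() . '/demo.txt.gz');
```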
