Hello,

a vulnerability was published yesterday concerning a possible security hole 
for sites using PHP.
http://www.net-security.org/text/bugs/995534301,88119,.shtml

SUMMARY

        A local user can write a one-line script calling itself via HTTP by using 
fopen().
        This can lead to a denial of service by exhaustion of available ports.
        This overrides the maximum_execution_time.

SOLUTIONS

        - Switch allow_url_fopen to Off in php.ini

DEV NOTE

        - It would be safe to:
                - include url fopen() in --disable-sockets
                - put allow_url_fopen Off by default in php.ini

hellekin

P.S.: there is another security bug affecting 4.0.5 and 4.0.6 for mail(): 
http://www.net-security.org/text/bugs/995534103,28541,.shtml


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
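
A check for the mitigation proposed in the message above, added here as an example and not part of the original post: it reads php.ini text and reports whether allow_url_fopen is effectively enabled, including the case where the `Off` line is commented out. The function names and sample files are constructed, sections and per-directory overrides are ignored, and it assumes PHP's built-in default is On when the directive is absent.

```python
import re

# Assumption: when the directive is absent, PHP's built-in default is On.
PHP_BUILTIN_DEFAULT = True
DIRECTIVE = re.compile(r"allow_url_fopen\s*=\s*(.*)$", re.IGNORECASE)

def ini_bool(value):
    """Interpret a php.ini boolean: on/true/yes or a non-zero integer."""
    v = value.strip().strip("\"'").lower()
    if v in ("on", "true", "yes"):
        return True
    return bool(re.fullmatch(r"-?\d+", v)) and int(v) != 0

def effective_allow_url_fopen(ini_text):
    """Return (enabled, reason); the last uncommented assignment wins."""
    found = None
    for number, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        match = DIRECTIVE.match(line)
        if match:
            found = (match.group(1), number)
    if found is None:
        return PHP_BUILTIN_DEFAULT, "not set, built-in default applies"
    value, number = found
    return ini_bool(value), f"line {number}: {value.strip()}"

# Constructed sample files (not taken from any real host).
SAMPLES = {
    "hardened": "[PHP]\nallow_url_fopen = Off\n",
    "commented_out": "[PHP]\n;allow_url_fopen = Off\n",
    "overridden": "allow_url_fopen = Off\nallow_url_fopen = On ; re-enabled\n",
}

def audit(samples):
    """Map each sample name to True when URL fopen is still enabled."""
    return {name: effective_allow_url_fopen(text)[0]
            for name, text in samples.items()}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        enabled, reason = effective_allow_url_fopen(text)
        print(f"{name}: {'ENABLED' if enabled else 'off'} ({reason})")
```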
