On March 19, 2004 04:28 pm, [EMAIL PROTECTED] wrote: > So then following your logic why not remove open_basedir,safe_mode,etc all > together from PHP, just to increase the performance?
Because it would break BC. When these options were developed Apache 2 was not around and fastcgi support was flimsy at best. Using plain CGI (which MANY ISPs use) to run PHP is quite resource intensive. Popularity of PHP will not be affected by these features and the robustness would only take a step backwards. More over the 'security' you add is easily bypassed through a variety of means. The open_basedir, safe_mode are hacks that were added because webservers at the time didn't not have the ability to easily distinguish individual user accounts and adjust the process uid/gid accordingly. Adding more to these 'features' when real support is already avaliable seems highly counter productive IMO. Ilia -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
