On March 19, 2004 05:42 pm, [EMAIL PROTECTED] wrote: > So just because there might be means to bypass security options in PHP we > shouldnt even bother improving security? Lets give up.
The issue is not the fact that these setting can be bypassed by PHP, those are bugs to be fixed. But the fact since the settings are PHP specific, other scripting languages (mod_perl|python) and CGI could be used to do actions restrictred from PHP. The real solution is in the webserver not a scripting language that is being run from inside the webserver. Ilia -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
