On Wed, Aug 7, 2024, 2:11 AM Rob Landers <rob@bottled.codes> wrote:
> I find this assertion kind of scary from a shared hosting perspective or
> even from a 3v4l kind of perspective. How do these services protect
> themselves if php is inherently insecure?

PHP is not inherently insecure. Not even remotely, and quite the opposite. Shared hosting is. This issue is not specific to PHP; almost all languages out there will have the same memory (or else) challenges. Crypto APIs or similar features requiring a high level of safety for the data use various techniques to mitigate it (zeroing after use, decrypt mem on demand only, etc.).

A bit off topic, but with the solutions out there for VPS, etc., shared hosting for anything requiring data safety should be avoided like the plague.

About this feature, it looks, at first glance, like an advanced, complex version of safe mode/open base dir, with the additional features.

I never ever had to mock core functions for testing; I would think about a design issue if it is needed. But I may be wrong, that would not be a first :)

Cheers,
Pierre