On Tue, 22 Nov 2005 18:57:19 +0100 (CET), in php.internals [EMAIL PROTECTED] (Derick Rethans) wrote:
>On 11 and 12 November a bunch of us had a developers meeting in Paris,
>discussing the things we want to do for PHP 6. Partly because of the
>Unicode support, but we also discussed the items on "Rasmus' wishlist"
>and a lot of other items. I made a report of the discussions we had and
>placed the notes here:
>
>http://php.net/~derick/meeting-notes.html

Very interesting - thanks for the details. It all sounds very promising.

Regarding safe_mode I agree that it'll never be any kind of magic wundertool. But as the docs also specify, many shared hosts currently "rely" on it (meaning they have setups where the users don't have shell opportunities or other ways of accessing each other's files).

I'm not looking for any near-safe_mode-substitution. I'm more concerned about the deployment of PHP6 at shared hosts. Since PHP6 has a bunch of different changes and requires a lot of information I think there should be put an effort of creating a "best practices" document for these kinds of setups.

Something like enabling open_basedir and disabling exec-functions (popen, exec, shell_exec, passthru...). Maybe a new setting to disable all of these types of functions together - I don't think it is a pretty solution to e.g. blacklist about six specific functions and hoping that this list is static.

Furthermore, and just a thought: would it be possible to have an option when compiling an apache module of setting the open_basedir value to the same as the virtual host's DOCUMENT_ROOT? I think deployment could be much easier this way.

(oh yeah, and I really hope glob() results would be passed through open_basedir checks... furthermore I want a pony!)

--
- Peter Brodersen
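
An added example, not part of the original message or of PHP itself: a script a shared host could run under its web SAPI to report whether open_basedir is set and which process-execution functions are still callable. The function name audit_shared_host and the list entries beyond the four named in the post (system, proc_open, pcntl_exec) are assumptions.

```php
<?php
// Added example, not code from the post. The list is an assumption: the four
// functions named in the post plus system, proc_open and pcntl_exec.
const EXEC_FUNCTIONS = ['popen', 'exec', 'shell_exec', 'passthru',
                        'system', 'proc_open', 'pcntl_exec'];

/** Return a list of findings for the given open_basedir / disable_functions values. */
function audit_shared_host(string $openBasedir, string $disableFunctions): array
{
    $findings = [];

    // open_basedir is a PATH_SEPARATOR-delimited list of allowed directories.
    $dirs = array_filter(array_map('trim', explode(PATH_SEPARATOR, $openBasedir)), 'strlen');
    if (!$dirs) {
        $findings[] = 'open_basedir is empty: no per-site file restriction';
    }
    foreach ($dirs as $dir) {
        // An entry that is only the filesystem root restricts nothing.
        if (rtrim($dir, '/\\') === '') {
            $findings[] = 'open_basedir contains the filesystem root';
        }
    }

    // disable_functions is a comma-separated list of function names.
    $disabled = array_map('strtolower', array_map('trim', explode(',', $disableFunctions)));
    foreach (EXEC_FUNCTIONS as $fn) {
        // Check both the function table and the ini list, since PHP versions
        // differ in whether a disabled function still appears to exist.
        if (function_exists($fn) && !in_array($fn, $disabled, true)) {
            $findings[] = "$fn() is callable";
        }
    }
    return $findings;
}

// Audit the running configuration; a non-zero exit status means findings exist.
$findings = audit_shared_host(
    (string) ini_get('open_basedir'),
    (string) ini_get('disable_functions')
);
foreach ($findings as $finding) {
    echo "FINDING: $finding\n";
}
if (!$findings) {
    echo "OK: open_basedir set and listed exec functions disabled\n";
}
exit($findings ? 1 : 0);
```

Because the check is a fixed list, any process-execution function missing from EXEC_FUNCTIONS goes unreported, which is the weakness of a blacklist that the message points out.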