Peter Brodersen wrote:
On Tue, 22 Nov 2005 18:57:19 +0100 (CET), in php.internals
[EMAIL PROTECTED] (Derick Rethans) wrote:
On 11 and 12 November a bunch of us had a developers meeting in Paris,
discussing the things we want to do for PHP 6. Partly because of the
Unicode support, but we also discussed the items on "Rasmus' wishlist"
and a lot of other items. I made a report of the discussions we had and
placed the notes here:
http://php.net/~derick/meeting-notes.html
Very interesting - thanks for the details. It all sounds very
promising.
Regarding safe_mode I agree that I'll never be any kind of magic
wundertool. But as the docs also specify, many shared hosts currently
"rely" on it (meaning they have setups where the users don't have
shell opportunities or other ways of accessing each other's files).
I'm not looking for any near-safe_mode-substitution. I'm more
concerned about the deployment of PHP6 at shared hosts.
These shared hosts really should be using open_basedir. We have
confused them by having both directives, and I see some even enable both
safe_mode and open_basedir on top of each other which doesn't make much
sense. Shared hosts really should be setting an open_basedir on a
per-vhost basis. This will fix file uploads and a number of other
issues and is every bit as safe (or unsafe depending on how you look at
it) as safe_mode.
-Rasmus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
