On 5-Nov-06, at 12:13 PM, Rasmus Lerdorf wrote:
The exact same argument could me made for a localhost http or ftp include which we also disallow.
For http allowing localhost access is dangerous simply because the person could make the script request itself making a very nasty request loop that will instantly result in a denial of service that requires nothing short of a web server restart to resolve.
Ilia Alshanetsky -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
