Hello Ilia, what i wanted it a SYSTEM INI setting that allows which streams work exactly. As opposedto being able to select between all and none while hoping that the switch works (for the reasons you specified).
best regards marcus Saturday, January 13, 2007, 6:22:33 PM, you wrote: > Marcus, > You want to use an INI setting to specify which streams are local and > which are remote? That seems like a recipe for disaster to me, people > adjusting this setting many not consider some streams that are remote > etc... leading to security holes. There is really no reason why PHP > could not effectively use flags internally to identify the difference > between the two sources of streams. Ultimately it'll always fall to > the extension writer, same as with open_basedir, which author can > choose to bypass if they so choose to. > The main issue here is I think is that is_url flag is new and there > are many extensions providing remote wrapper that have been written > prior to its addition and therefor do not have a proper setting in > place, which may have been added in a hurry to solve a compilation > failure. > On 13-Jan-07, at 12:13 PM, Marcus Boerger wrote: >> Hello Stefan, >> >> i also think something should be done here. The is_url flag does not >> really help. What we imho need is an ini setting that allows >> specifying >> which stream handlers to allow. And that should not include user >> streams. >> >> best regards >> marcus > Ilia Alshanetsky Best regards, Marcus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
