2007/5/18, Stanislav Malyshev <[EMAIL PROTECTED]>: Sane hosters do not rely on general-purpose language to provide security, they use OS and hardware designed for exactly that purpose. ;)
unfortunately hosters has to equilibrate security vs/usability for their customers.. so disaloowing 100% access to outside world is frecuently not possible. The issue with this remote url include thingy is that is hard to find a valid use case ..does anyone has a **real** one ? why it was introduced in the first place..?? no, Im not talking about crippling the language for security reasons as some may argue..my point is this "feature" in the reality causes far more harm than good and it has become one of the top ways to attack applications since it's introduction..my intention is only to make people think if the hassle of adding new ini directives (like allow_url_include) or functions is worth. maybe with PHP6 this issue can be addressed from it's roots instead of adding yet another workaround. my $2. -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
