In httpd server (and most) there is a startup phase, when we generally trust what the admin has done, and a runtime phase. There are obvious exploits if untrusted scripts can run arbitrary dlload's after startup.
enable_dl in php.ini will obviously override this, but to start up and load dynamic extensions, it's initially required to be on. Is there any sense in having php4apache2 (and other SAPI's) permitted to run the entire startup phase of php prior to turning enable_dl back off for the runtime phase of the server? -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
