William A. Rowe, Jr. wrote: > An example php.ini file that is significantly immune to these side effects > would seem to be a good idea. Either that, or a "DON'T COHOST UNTRUSTED > SCRIPTS" disclaimer :)
Disabling dl() is a rather well-known ISP configuration. And it isn't allowed at all in any threaded sapis, so that part isn't an issue. I guess you are asking us to provide an example .ini file for hosting companies. The sticky point here is that I think most of us would suggest using a fastcgi or a completely vm'ed setup for any sort of secure hosting. And in both those cases dl() wouldn't actually be a problem. -Rasmus -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
