Am 11.07.2010 00:29, schrieb Rasmus Lerdorf: > On 7/10/10 3:17 PM, Reindl Harald wrote: >> What is enough on shared hosting because there are many ways >> to trigger local exploits. If there is ANY eval-injection >> in a for the admin unkown script you heave a full remote-exploit > > Shared hosts need to take other measures such as chroot'ed environments > or VMs. There are way too many local exploits, many of which have > nothing to do with PHP in underlying 3rd-party libraries.
You mean possible existing security-problems in other software is a relieable reason to not fix them as soon as possible? Strange attitude.... -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
